CVE-2023-41444: Code Injection
First published: Thu Sep 28 2023(Updated: )
An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Microsoft Windows Operating System | ||
| Binalyze IREC | <=3.11.0 | |
| Binalyze IREC | <=3.11.0 | |
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID for this vulnerability?
The CVE ID for this vulnerability is CVE-2023-41444.
What software is affected by this vulnerability?
The Binalyze IREC software versions up to and including 3.11.0 are affected by this vulnerability.
How can a local attacker exploit this vulnerability?
A local attacker can exploit this vulnerability by executing arbitrary code and escalating privileges using the 'fun_1400084d0' function in the IREC.sys driver.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is high, with a CVSS score of 7.8.
Are Microsoft Windows systems vulnerable to this issue?
No, Microsoft Windows systems are not vulnerable to this issue.
- agent/type
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/source
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft windows operating system
- vendor/binalyze
- canonical/binalyze irec
- version/binalyze irec/3.11.0