CVE-2019-9729

In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation	Exploit Third Party Advisory
https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:shanda:maplestory_online:160.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:52

Type	Values Removed	Values Added
References	~~() https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation - Exploit, Third Party Advisory~~	() https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation - Exploit, Third Party Advisory

Information

Published : 2019-03-12 22:29

Updated : 2024-11-21 04:52

NVD link : CVE-2019-9729

Mitre link : CVE-2019-9729

CVE.ORG link : CVE-2019-9729

JSON object : View

Products Affected

shanda

maplestory_online

CWE

CWE-129

Improper Validation of Array Index

CWE-787

Out-of-bounds Write

{"id": "CVE-2019-9729", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-03-12T22:29:01.363", "references": [{"url": "https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-129"}, {"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow."}, {"lang": "es", "value": "En la versi\u00f3n V160 de Shanda MapleStory Online, el controlador SdoKeyCrypt.sys permite el escalado de privilegios a NT AUTHORITY\\SYSTEM debido a la falta de una validaci\u00f3n de un valor de entradas IOCtl 0x8000c01c, conduciendo a un error en la propiedad signedness de un n\u00famero entero y un subdesbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap)."}], "lastModified": "2024-11-21T04:52:11.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:shanda:maplestory_online:160.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3AD79E1-AC58-4A12-AC10-BA8245135208"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}