Microsoft® Windows® XP and Windows Server® 2003 systems are being attacked through CVE-2007-5587, a buffer overflow vulnerability in the Macrovision secdrv.sys driver.
The driver handles configuration parameters incorrectly. This allows an attacker with local access to a system to overwrite arbitrary memory locations and thereby gain SYSTEM privileges.
This vulnerability was first reported in mid-October 2007. No workarounds are known, but Microsoft (Nasdaq: MSFT) plans to provide a security update through the monthly release process.
External links:
- “Privilege Escalation Exploit In the Wild” (Symantec)
- “Secure Your Driver” (Kartoffel)
- Microsoft security advisory 944653: “Vulnerability in Macrovision SECDRV.SYS Driver on Windows Could Allow Elevation of Privilege”
- CVE-2007-5587
Do you have any experiences or other news regarding this vulnerability? Please post your comments!