CVE-2017-15303
Published 2017-10-16
Priority: P275 high · CVSS 3.0: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.53% (71.7th percentile)
In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine (while CPU-Z is running) can issue an ioctl 0x9C402430 call to the kernel-mode driver (e.g., cpuz141_x64.sys for version 1.41).
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cpuid | cpu-z | <= 1.42 | — |
Detection & IOCs (extracted from sources)
- Monitor for processes issuing IOCTL code 0x9C402430 to the CPU-Z kernel-mode driver (cpuz141_x64.sys or similar versioned variants).
- Flag the presence of vulnerable CPU-Z kernel driver files (e.g., cpuz141_x64.sys) on endpoints, as exploitation requires the driver to be loaded.
- Exploitation requires CPU-Z to be actively running on the local machine so that the vulnerable kernel-mode driver is loaded; the arbitrary memory write and privilege escalation are only possible while the driver is present in memory.
- The vulnerability affects CPU-Z versions before 1.43; version 1.41 is explicitly confirmed vulnerable via cpuz141_x64.sys.
CVSS provenance
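| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:L/AC:L/Au:S/C:P/I:P/A:P |
| vulncheck | — | 7.8 | HIGH | — |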
GHSA
GHSA-92jj-g6qw-xrrw: In CPUID CPU-Z before 1
ghsa_unreviewed·2022-05-17
CVE-2017-15303 [HIGH] CWE-787
VulnCheck
cpuid cpu-z Out-of-bounds Write
vulncheck·2017·CVSS 7.8
CVE-2017-15303 [HIGH] cpuid cpu-z Out-of-bounds Write
Affected: cpuid cpu-z
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/
Exploit PoC: https://vulncheck.com/xdb/61442d0705c5
No detection rules found.
No public exploits indexed.
Trendmicro
Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware
blogs_trendmicro·2021-04-09
# Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware
This blog details how Iron Tiger threat actors have updated their toolkit with an updated SysUpdate malware variant that now uses five files in its infection routine instead of the usual three.
By: Daniel Lunghi, Kenney Lu
2021/04/09
Update as of April 27, 2021, 7 A.M. E.T.: We've updated the "Rootkits From a Public Repository" section and the appendix to include a second sample.
More than a year after Operation DRBControl, a campaign by a cyberespionage group that targets gambling and betting companies in Southeast Asia, we found evidence that the Iron Tiger threat actor is still interested in the gambling industry.
Wiz
CVE-2025-65264 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-65264 [HIGH] CVE-2025-65264 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-65264: CPUID CPU-Z vulnerability analysis and mitigation
The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request.
Source: NVD

| Field | Value |
|---|---|
| Score | 5.5 |
| Published | January 27, 2026 |
| Severity | MEDIUM |
| CNA Score | 5.5 |
| Affected Technologies | CPUID CPU-Z |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 6.1 |
| Exploitation Probability (EPSS) | N/A |
Affected packages and libraries
cpe:2.3:a:cpuid:cpu-z:*:*:*:*:*:windows:*:*
cpe:2.3:a:cpuid:cpu-z
Sources
Windows Severity MEDIUM No Fix Added at: Feb 08, 2026
Windows Severity MEDIUM No Fix Added at: Feb 09, 2026