CVE-2017-15303
published 2017-10-16

Priority P275 high · 7.8 CVSS 3.0
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.53% (71.7th percentile)

In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine (while CPU-Z is running) can issue an ioctl 0x9C402430 call to the kernel-mode driver (e.g., cpuz141_x64.sys for version 1.41).

Affected

1 range
Vendor | Product | Version range | Fixed in
cpuid | cpu-z | <= 1.42 | -

Detection & IOCs (extracted from sources)

other: ioctl 0x9C402430
filename: cpuz141_x64.sys
  • Monitor for processes issuing IOCTL code 0x9C402430 to the CPU-Z kernel-mode driver (cpuz141_x64.sys or similar versioned variants)
  • Flag presence of vulnerable CPU-Z kernel driver files (e.g., cpuz141_x64.sys) on endpoints, as exploitation requires the driver to be loaded
  • Exploitation requires CPU-Z to be actively running on the local machine so that the vulnerable kernel-mode driver is loaded; the arbitrary memory write and privilege escalation are only possible while the driver is present in memory
  • The vulnerability affects CPU-Z versions before 1.43; version 1.41 is explicitly confirmed vulnerable via cpuz141_x64.sys

CVSS provenance

nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 4.3 | MEDIUM | AV:L/AC:L/Au:S/C:P/I:P/A:P
vulncheck | 7.8 | HIGH