CVE-2018-5410
Published 2019-01-07
Priority: P3 | 48 | high | 7.8 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 1.59% (72.7th percentile)
Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dokan-dev | dokany | >= 1.0.0.5000 < 1.2.0.1000 | 1.2.0.1000 |
| dokan | open_source_file_system | >= 1.0.0.5000 < 1.0.0.5000* | 1.0.0.5000* |
| dokan | open_source_file_system | 1.2.0.1000 – 1.2.0.1000 | — |
CVSS provenance
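| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |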
References
http://www.securityfocus.com/bid/106274
https://cwe.mitre.org/data/definitions/121.html
https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000
https://kb.cert.org/vuls/id/741315/
https://www.exploit-db.com/exploits/46155/