SecurStar DriveCrypt 'DCR.sys' IOCTL Handling Privilege Escalation Vulnerability Network Vulnerability

Summary

This host is installed with SecurStar DriveCrypt and is prone to privilege escalation vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code. Impact Level: Application.

Solution

Upgrade to SecurStar DriveCrypt version 5.5 or later For updates refer to http://www.securstar.com/downloads.php

Insight

The flaw exists due to an error in the 'DCR.sys' driver when processing 'IOCTLs' and can be exploited to corrupt memory via a specially crafted 0x00073800 IOCTL.

Affected

SecurStar DriveCrypt version 5.3 and 5.4

References

http://osvdb.org/70426
http://secunia.com/advisories/42881
http://www.exploit-db.com/exploits/15972/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0513

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities April-2012 (Windows)
Adobe Acrobat Multiple Vulnerabilities - Windows
Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Windows)

Take action and discover your vulnerabilities