CVE-2020-12122

Published: Feb 5, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.)

Affected (1)

Products: Maxpcsecure: Max Spyware Detector

1 product

Max Spyware Detector

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Maxpcsecure Max Spyware Detector	Version 1.0.0.044

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

https://github.com/FULLSHADE/Kernel-exploits

Source: cve@mitre.org

Product

https://github.com/FULLSHADE/Kernel-exploits/tree/master/MaxProc64.sys

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.maxpcsecure.com/spywaredetector.htm

Source: cve@mitre.org

Product

https://github.com/FULLSHADE/Kernel-exploits

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/FULLSHADE/Kernel-exploits/tree/master/MaxProc64.sys

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.maxpcsecure.com/spywaredetector.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.