CVE-2023-41444

Published: Sep 28, 2023Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver.

Affected (1)

Products: Binalyze: Irec

Binalyze

1 product

Irec

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Binalyze Irec	Up to 3.11.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

https://blog.dru1d.ninja/windows-driver-exploit-development-irec-sys-a5eb45093945

Source: cve@mitre.org

ExploitThird Party Advisory

https://gist.github.com/dru1d-foofus/1af21179f253879f101c3a8d4f718bf0

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/magicsword-io/LOLDrivers/blob/main/yaml/d74fdf19-b4b0-4ec2-9c29-4213b064138b.yml

Source: cve@mitre.org

ExploitProduct

https://blog.dru1d.ninja/windows-driver-exploit-development-irec-sys-a5eb45093945

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://gist.github.com/dru1d-foofus/1af21179f253879f101c3a8d4f718bf0

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/magicsword-io/LOLDrivers/blob/main/yaml/d74fdf19-b4b0-4ec2-9c29-4213b064138b.yml

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitProduct

Timeline

No history available yet.