| Title | DVDFab DVDFab Virtual Drive 2.0.0.5 Local Privilege Escalation |
|---|
| Description | DVDFab Virtual Drive x.x.x.x ships the signed kernel driver `dvdfabio.sys`. The driver exposes `\\.\DVDFabIO` and implements registry proxy IOCTLs that open or create caller-selected native registry paths from kernel context.
The returned registry handle is inserted into the caller's process handle table. Because the driver opens the key from kernel mode without enforcing the caller's normal registry access checks, a standard user can obtain a usable handle to protected HKLM keys. In the validation below, a standard user could not directly write to a protected HKLM test key and could not directly query `HKLM\SAM\SAM`; the same user used `\\.\DVDFabIO` to write the protected test key and to open/query `HKLM\SAM\SAM`. |
|---|
| Source | ⚠️ https://winslow1984.com/books/cve-collection/page/dvdfab-virtual-drive-kernel-driver-dvdfabiosys-local-privilege-escalation |
|---|
| User | winslow1984 (UID 79140) |
|---|
| Submission | 20/05/2026 07:07 (28 days ago) |
|---|
| Moderation | 14/06/2026 15:45 (25 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 370860 [DVDFab Virtual Drive 2.0.0.5 Signed Kernel Driver dvdfabio.sys privilege escalation] |
|---|
| Points | 20 |
|---|