Furthermore, Windows can be configured to use the RAM disk for temporary files, so that the system and most applications would use the fast in-memory disk for their temporary data. SoftPerfect RAM Disk creates a virtual disk residing in the computer RAM accessible in Windows Explorer and other applications, allowing you to store any temporary information on this disk. Whatever your job is, read on to find out what a RAM disk can offer you. As the memory is much faster than physical hard disks, storing temporary data on a fast in-memory disk achieves a higher performance. SoftPerfect RAM Disk is a high-performance RAM disk application that lets you have a disk on your computer entirely stored in its memory. This kind of vulnerability can allow an attacker to bypass kASLR mitigation and open possibility to local privilage escalation when used in conjunction with another vulnerability.SoftPerfect RAM Disk 4.3.3 Multilingual | 4.9 Mb
Output: C:\tmp\ramdisk>RamDiskMemLeak.exeĠ000. Neolib::hex_dump(outBuffer, outBufferSize, std::cout) Printf("DeviceIoControl IOCTL : 0x222024\n") Printf("error: something in OpenDeviceEx failed\n") HANDLE hDevice = OpenDeviceWorker(deviceName, GENERIC_READ | GENERIC_WRITE, &errmsg, TRUE) LPCWSTR deviceName = L"\\Device\\SoftPerfectVolume" The spvve.sys driver creates a device object Device\SoftPerfectVolume that is accessible to any user on the system so any user sending specially crafted I/O request packet (IRP) can cause information disclosure (leak kernel pool memory address). SoftPerfect RAM Disk is a high-performance RAM disk application that lets the user store a disk from their computer stored on the device’s memory. The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.ģ.8 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CWE An attacker can send a malicious IRP to trigger this vulnerability. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information.
An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver.
0 kommentar(er)
