Velocidex WinPmem CVE-2024-10972
HIGHSeverity by source
AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
Primary rating from Vendor (rapid7) · only source for this CVE.
CVSS VectorVendor: rapid7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
Lifecycle Timeline
1DescriptionCVE.org
Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the userspace to change page permissions half way through the routine. A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations.
AnalysisAI
Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-367. Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the userspace to change page permissions half way through the routine. A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations.
Affected ProductsAI
See vendor advisory for affected versions.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today