Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local low-privileged user sends IOCTL to a kernel driver with broken access control, gaining full SYSTEM-level C/I/A; no user interaction, no scope change to a separate security authority.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDA_NTDRV.sys of the component Kernel Driver. This manipulation causes improper access controls. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Local privilege escalation in IM-Magic Partition Resizer up to 7.9.0 stems from improper access controls in the MDA_NTDRV.sys kernel driver, allowing a low-privileged local user to gain elevated kernel-level capabilities. Publicly available exploit code exists and the vendor did not respond to coordinated disclosure, leaving all currently shipped versions (7.0 through 7.9.0) without a fix. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires a local interactive or remote-shell session on a Windows host with IM-Magic Partition Resizer versions 7.0 through 7.9.0 installed (so that MDA_NTDRV.sys is loaded or loadable), plus the ability to execute code as any authenticated low-privileged user (PR:L) - no admin rights, no user interaction, and no special configuration are needed beyond the driver being present. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector AV:L/AC:L/AT:N/PR:L/UI:N with VC:H/VI:H/VA:H accurately reflects a local low-privileged attacker achieving full kernel-level confidentiality, integrity, and availability impact - a textbook LPE. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A standard-user attacker - either an interactive malicious insider or commodity malware that landed via phishing without admin rights - opens a handle to the MDA_NTDRV device object and issues a crafted IOCTL that performs a privileged memory or disk operation without verifying the caller's token. Using the publicly available POC from winslow1984.com, the attacker escalates to NT AUTHORITY\SYSTEM, then disables EDR, dumps LSASS, or installs persistence. … |
| Remediation | No vendor-released patch identified at time of analysis - the vendor was contacted but did not respond. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Conduct an inventory scan to identify all systems running IM-Magic Partition Resizer versions 7.0-7.9.0. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38149
GHSA-fw2h-288w-q47j