Skip to main content

IM-Magic Partition Resizer CVE-2026-12784

| EUVDEUVD-2026-38149 HIGH
Improper Access Control (CWE-284)
2026-06-21 VulDB GHSA-fw2h-288w-q47j
7.1
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
7.1 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.8 HIGH

Local low-privileged user sends IOCTL to a kernel driver with broken access control, gaining full SYSTEM-level C/I/A; no user interaction, no scope change to a separate security authority.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 22, 2026 - 05:59 vuln.today
CVSS changed
Jun 21, 2026 - 08:22 NVD
8.5 (HIGH) 7.1 (HIGH)

DescriptionCVE.org

A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDA_NTDRV.sys of the component Kernel Driver. This manipulation causes improper access controls. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Local privilege escalation in IM-Magic Partition Resizer up to 7.9.0 stems from improper access controls in the MDA_NTDRV.sys kernel driver, allowing a low-privileged local user to gain elevated kernel-level capabilities. Publicly available exploit code exists and the vendor did not respond to coordinated disclosure, leaving all currently shipped versions (7.0 through 7.9.0) without a fix. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged local shell
Delivery
Open handle to MDA_NTDRV device
Exploit
Send crafted IOCTL bypassing access checks
Execution
Trigger kernel-mode privileged operation
Persist
Escalate to SYSTEM
Impact
Disable security tooling and persist

Vulnerability AssessmentAI

Exploitation Requires a local interactive or remote-shell session on a Windows host with IM-Magic Partition Resizer versions 7.0 through 7.9.0 installed (so that MDA_NTDRV.sys is loaded or loadable), plus the ability to execute code as any authenticated low-privileged user (PR:L) - no admin rights, no user interaction, and no special configuration are needed beyond the driver being present. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector AV:L/AC:L/AT:N/PR:L/UI:N with VC:H/VI:H/VA:H accurately reflects a local low-privileged attacker achieving full kernel-level confidentiality, integrity, and availability impact - a textbook LPE. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A standard-user attacker - either an interactive malicious insider or commodity malware that landed via phishing without admin rights - opens a handle to the MDA_NTDRV device object and issues a crafted IOCTL that performs a privileged memory or disk operation without verifying the caller's token. Using the publicly available POC from winslow1984.com, the attacker escalates to NT AUTHORITY\SYSTEM, then disables EDR, dumps LSASS, or installs persistence. …
Remediation No vendor-released patch identified at time of analysis - the vendor was contacted but did not respond. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Conduct an inventory scan to identify all systems running IM-Magic Partition Resizer versions 7.0-7.9.0. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12784 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy