Skip to main content

DVDFab Virtual Drive EUVDEUVD-2026-36690

| CVE-2026-12217 HIGH
Incorrect Privilege Assignment (CWE-266)
2026-06-15 cna@vuldb.com GHSA-28g2-hhg9-hhq8
7.1
CVSS 4.0 · Vendor: vuldb
Share

Severity by source

Vendor (vuldb) PRIMARY
7.1 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.8 HIGH

Local attack against a kernel driver requiring a low-privileged local account (AV:L, PR:L), no user interaction, low complexity, with full kernel-level confidentiality, integrity, and availability impact.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (vuldb).

CVSS VectorVendor: vuldb

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 15, 2026 - 04:32 vuln.today

DescriptionCVE.org

A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Local privilege escalation in DVDFab Virtual Drive 2.0.0.5 allows authenticated local users to abuse improper privilege management in the signed kernel driver dvdfabio.sys to gain elevated execution within the Windows kernel. Publicly available exploit code exists and the vendor did not respond to coordinated disclosure, increasing the window of risk for affected endpoints. No CISA KEV listing has been recorded, and EPSS data was not provided in the input.

Technical ContextAI

DVDFab Virtual Drive ships a signed Windows kernel-mode driver (dvdfabio.sys) used to emulate optical media. Because the driver is signed by a trusted vendor it loads on standard Windows installations subject to driver-signature enforcement, and any improperly authorized IOCTL or interface it exposes runs in ring 0. The flaw maps to CWE-266 (Incorrect Privilege Assignment), meaning an interface intended for privileged callers does not adequately enforce the caller's privilege level, enabling a lower-privileged process to perform actions reserved for kernel or administrator context. This is the canonical 'Bring Your Own Vulnerable Driver' (BYOVD) class of issue, where the signed status of the binary is itself an attack asset.

RemediationAI

No vendor-released patch identified at time of analysis - the reporter notes DVDFab did not respond to disclosure. Until a fixed driver is published, uninstall DVDFab Virtual Drive 2.0.0.5 from systems that do not require optical-media emulation, and on systems where it must remain, restrict interactive logon and local account creation to trusted administrators since exploitation requires local access. To mitigate BYOVD reuse on systems that never had DVDFab installed, deploy the Microsoft Vulnerable Driver Blocklist (enabled by default on Windows 11 22H2+, configurable via WDAC/HVCI on older builds) and add dvdfabio.sys to custom WDAC or EDR driver-block policies; the trade-off is that any legitimate DVDFab Virtual Drive functionality will break. Monitor for kernel driver loads of dvdfabio.sys from unexpected paths or by non-DVDFab processes as a high-fidelity BYOVD indicator. Reference: https://vuldb.com/vuln/370860 and the technical write-up at https://winslow1984.com/books/cve-collection/page/dvdfab-virtual-drive-kernel-driver-dvdfabiosys-local-privilege-escalation.

Share

EUVD-2026-36690 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy