A system driver in the Dokan Open Source File System contains a stack-based buffer overflow, which could allow an attacker to gain elevated privileges on the host machine.
CWE-121: Stack-based Buffer Overflow - CVE-2018-5410
Dokan, versions between 220.127.116.1100 and 18.104.22.1680, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 22.214.171.12400 version update.
An attacker could corrupt the kernel memory and elevate their system privileges to gain control of the system.
Update to the newest version
Atmo O Affected
MLV Filesystem Affected
Cuemounter Not Affected
Peonefs Not Affected
Shaman.Dokan.Warc Not Affected
Win-SSHFS Not Affected
Thanks to Parvez Anwar for reporting this vulnerability.
This document was written by Madison Oliver.
|Date First Published:||2018-12-20|
|Date Last Updated:||2019-01-15 16:31 UTC|