Arbitrary Kernel Memory Write Vulnerability in WinMagic SecureDoc v8.5 and Earlier

Arbitrary Kernel Memory Write Vulnerability in WinMagic SecureDoc v8.5 and Earlier

CVE-2020-11520 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution.

Learn more about our User Device Pen Test.