CVE-2020-12122

In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
maxpcsecuremax_spyware_detector
1.0.0.044
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/FULLSHADE/Kernel-exploits
https://github.com/FULLSHADE/Kernel-exploits/tree/master/MaxProc64.sys
https://www.maxpcsecure.com/spywaredetector.htm
https://github.com/FULLSHADE/Kernel-exploits
https://github.com/FULLSHADE/Kernel-exploits/tree/master/MaxProc64.sys
https://www.maxpcsecure.com/spywaredetector.htm