CVE-2020-15479

EUVD-2020-7472
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
passmarkburnintest
𝑥
≤ 9.1
passmarkosforensics
𝑥
≤ 7.1
passmarkperformancetest
𝑥
≤ 10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/eset/vulnerability-disclosures
https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15479/CVE-2020-15479.md
https://www.passmark.com/forum/index.php
https://www.passmark.com/support/index.php
https://github.com/eset/vulnerability-disclosures
https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15479/CVE-2020-15479.md
https://www.passmark.com/forum/index.php
https://www.passmark.com/support/index.php