Heap-based Buffer Underflow Vulnerability in SdoKeyCrypt.sys Driver in Shanda MapleStory Online V160

Heap-based Buffer Underflow Vulnerability in SdoKeyCrypt.sys Driver in Shanda MapleStory Online V160

CVE-2019-9729 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow.

Learn more about our Web Application Penetration Testing UK.