CVE-2018-5410 – Dokan file system driver contains a stack-based buffer overflow

https://notcve.org/view.php?id=CVE-2018-5410

Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update. Dokan, desde la versión 1.0.0.5000 hasta la 1.2.0.1000, es vulnerable a un desbordamiento de búfer basado en pila en el controlador dokan1.sys. Un atacante podría crear un manejador de dispositivo en el controlador del sistema y enviar entradas arbitrarias que provocarán esta vulnerabilidad. • https://www.exploit-db.com/exploits/46155 http://www.securityfocus.com/bid/106274 https://cwe.mitre.org/data/definitions/121.html https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000 https://kb.cert.org/vuls/id/741315 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •