CVE-2018-5410

Dokan file system driver contains a stack-based buffer overflow

EPSS 1.6%CWE-121

Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.

Affected products

Dokan · Open Source File System

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/46155/unverified exploitdbwww.exploit-db.com/exploits/46155unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cwe.mitre.org/data/definitions/121.html https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000 https://kb.cert.org/vuls/id/741315/https://www.exploit-db.com/exploits/46155/http://www.securityfocus.com/bid/106274