We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the userspace to change page permissions half way through the routine. A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations.
Reserved 2024-11-07 | Published 2024-12-16 | Updated 2024-12-16 | Assigner rapid7CWE-20 Improper Input Validation
We thank David Baptiste from the ERNW Vulnerability Disclosure Team for responsibly disclosing this issue.
github.com/Velocidex/WinPmem/releases/tag/v4.1.dev1
Support options