CVE: CVE-2003-1233

Export to Word

Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

S9 – Sabotage of System/App

EPSS

Score: 0.0015
Percentile: 0.36398

CVSS Scoring

CVSS v3.1 Score: 9.8

Severity: CRITICAL

Mapped CWE(s)

CWE-59 : Improper Link Resolution Before File Access ('Link Following')

All CAPEC(s)

CAPEC-132: Symlink Attack
CAPEC-17: Using Malicious Files
CAPEC-35: Leverage Executable Code in Non-Executable Files
CAPEC-76: Manipulating Web Input to File System Calls

CAPEC(s) with Mapped TTPs

CAPEC-132: Symlink Attack
Mapped TTPs:
- T1547.009 : Shortcut Modification
CAPEC-17: Using Malicious Files
Mapped TTPs:
- T1574.005 : Executable Installer File Permissions Weakness
- T1574.010 : Services File Permissions Weakness
CAPEC-35: Leverage Executable Code in Non-Executable Files
Mapped TTPs:
- T1027.006 : HTML Smuggling
- T1027.009 : Embedded Payloads
- T1564.009 : Resource Forking

Mapped ATT&CK TTPs

T1547.009 : Shortcut Modification
Kill Chain: persistence
T1574.005 : Executable Installer File Permissions Weakness
Kill Chain: persistence
T1574.010 : Services File Permissions Weakness
Kill Chain: persistence
T1027.006 : HTML Smuggling
Kill Chain: defense-evasion
T1027.009 : Embedded Payloads
Kill Chain: defense-evasion
T1564.009 : Resource Forking
Kill Chain: defense-evasion

Malware

APTs Threat Group Associations

Campaigns

C0021

Affected Products

cpe:2.3:a:pedestalsoftware:integrity_protection_driver:*:*:*:*:*:*:*:*

← Back to Home