CVE-2026-12217
Received Received - Intake
Improper Privilege Management in DVDFab Virtual Drive

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: VulDB

Description
A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-15
Last Modified
2026-06-15
Generated
2026-06-15
AI Q&A
2026-06-15
EPSS Evaluated
N/A
NVD
CVE-2026-12217
EUVD
EUVD-2026-36690
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dvdfab virtual_drive 2.0.0.5
dvdfab dvdfabio 1.5.1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows a low-privileged local user to escalate privileges by bypassing normal access controls on sensitive Windows registry keys, including those that store critical security information such as the SAM hive.

Such unauthorized access and potential tampering or disclosure of sensitive system data can lead to violations of security requirements mandated by common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and strict access controls.

Therefore, exploitation of this vulnerability could compromise the confidentiality, integrity, and availability of sensitive information, negatively impacting compliance with these regulations.

Executive Summary

This vulnerability exists in the DVDFab Virtual Drive version 2.0.0.5, specifically in a signed kernel driver called dvdfabio.sys. The driver exposes an interface that allows local users to perform registry operations from kernel mode without proper access checks.

Normally, standard users cannot write to protected registry keys or access sensitive registry hives like HKLM\SAM\SAM. However, this driver provides IOCTLs that let a low-privileged user obtain kernel-opened handles to these protected keys, bypassing Windows' normal security.

As a result, a standard user can write to protected registry values or read sensitive registry data, which should normally be restricted. This improper privilege management can lead to privilege escalation and other malicious activities.

Impact Analysis

This vulnerability can allow a local attacker with standard user privileges to escalate their privileges by writing to protected registry keys or reading sensitive registry data.

  • Privilege escalation enabling the attacker to gain higher system privileges.
  • Persistence by tampering with system configuration through registry modifications.
  • Disclosure of sensitive information stored in protected registry hives.
  • Potential disruption or manipulation of system behavior due to unauthorized registry changes.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12217. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart