CVE-2026-12784
IM-Magic Partition Resizer Kernel Driver Access Control Flaw

Publication date: 2026-06-21

Last updated on: 2026-06-21

Assigner: VulDB

Description
A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. It affects an unknown function in MDA_NTDRV.sys, the product's kernel driver, and results in improper access controls. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information

Published: 2026-06-21

Last Modified: 2026-06-21

Generated: 2026-06-21

AI Q&A: 2026-06-21

EPSS Evaluated: N/A

Affected Vendors & Products
Showing 2 associated CPEs

Vendor                             | Product                     | Version / Range
chongqing_niubi_technology_co_ltd  | im-magic_partition_resizer  | 7.9.0
chongqing_niubi_technology_co_ltd  | mda_ntdrv                   | 7.9.0

CWE ID   | Description
CWE-284  | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-266  | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Executive Summary

CVE-2026-12784 is a local privilege escalation vulnerability found in IM-Magic Partition Resizer version 7.9.0, specifically in its kernel driver MDA_NTDRV.sys.

The vulnerability arises because the driver exposes a raw disk forwarding device that allows standard local users to bypass Windows file access controls.

This means unprivileged users can perform arbitrary read and write operations directly on physical disks, including accessing and modifying files that are normally restricted to SYSTEM and Administrator accounts.

The exploit involves loading the vulnerable driver, creating a temporary disk, and using scripts to interact with the exposed device to bypass access control lists and modify protected data.

Impact Analysis

This vulnerability can allow a local attacker with standard user privileges to escalate their privileges to those of an administrator or SYSTEM.

By bypassing file access controls, the attacker can read, modify, or delete sensitive system files and data that should be protected.

Such unauthorized access and modification can lead to system compromise, data corruption, or unauthorized control over the affected system.

Compliance Impact

This vulnerability allows local users to bypass Windows file access controls and perform unauthorized read and write operations on protected system files and data. Such unauthorized access and modification of sensitive data can lead to violations of data protection requirements mandated by standards and regulations like GDPR and HIPAA.

Specifically, the ability to tamper with or access protected files that are restricted to SYSTEM and Administrators undermines the confidentiality and integrity of sensitive information, which are core principles in compliance frameworks.

Therefore, exploitation of this vulnerability could result in non-compliance with regulations that require strict access controls and protection of personal or sensitive data.

Detection Guidance

This vulnerability can be detected by checking for the presence of the vulnerable kernel driver file MDA_NTDRV.sys on the system, specifically version 7.9.0 or earlier. The driver exposes a raw disk forwarding device named \\.\MDA_NTDRV\<disk> that allows local users to bypass Windows file access controls.

Detection can involve verifying the SHA-256 hash of the MDA_NTDRV.sys file to see if it matches the known vulnerable hash: 6DED9FFF47488D7B335DD3C9BBBD838C60FF1AFE28CCB8BB329D021592FFE9F3.

Additionally, one can attempt to interact with the exposed device using proof-of-concept scripts or tools that try to read or write raw disk clusters via the device \\.\MDA_NTDRV\<disk> to confirm if access controls are improperly enforced.

  • Check for the presence of MDA_NTDRV.sys driver file on the system.
  • Verify the SHA-256 hash of MDA_NTDRV.sys matches 6DED9FFF47488D7B335DD3C9BBBD838C60FF1AFE28CCB8BB329D021592FFE9F3.
  • Use commands or scripts to attempt accessing the device \\.\MDA_NTDRV\<disk> to test for unauthorized read/write capabilities.
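
The first two checks above can be run as a host inventory script. This is an added example, not code from the advisory or the vendor; the search roots and function names are assumptions, and the hash is the one quoted on this page. It also lists any kernel driver service whose image is MDA_NTDRV.sys, since a driver can be registered from a path outside the searched folders.

```powershell
# Added example: inventory check for the driver named in this advisory.
# The search roots are assumptions; the hash is the one quoted on this page.
$VulnerableSha256 = '6DED9FFF47488D7B335DD3C9BBBD838C60FF1AFE28CCB8BB329D021592FFE9F3'
$DriverFileName   = 'MDA_NTDRV.sys'

function Find-MdaDriverFile {
    param([string[]]$Root = @("$env:SystemRoot\System32\drivers",
                              $env:ProgramFiles, ${env:ProgramFiles(x86)}))
    foreach ($r in ($Root | Where-Object { $_ -and (Test-Path -LiteralPath $_) })) {
        Get-ChildItem -LiteralPath $r -Filter $DriverFileName -File -Recurse -Force `
                      -ErrorAction SilentlyContinue |
            ForEach-Object {
                $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                [pscustomobject]@{
                    Path             = $_.FullName
                    FileVersion      = $_.VersionInfo.FileVersion
                    Sha256           = $hash
                    MatchesKnownHash = ($hash -eq $VulnerableSha256)
                }
            }
    }
}

function Get-MdaDriverService {
    # A driver can be registered from any path, so match on the image name.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*$DriverFileName" } |
        Select-Object Name, State, StartMode, PathName
}

$files    = @(Find-MdaDriverFile)
$services = @(Get-MdaDriverService)
$files    | Format-List
$services | Format-List

if ($files.MatchesKnownHash -contains $true) {
    Write-Warning "$DriverFileName with the advisory's SHA-256 is present."
} elseif ($files.Count -or $services.Count) {
    # The advisory covers releases up to 7.9.0 but lists a single hash,
    # so a different hash is not evidence of a fixed build.
    Write-Warning "$DriverFileName found with a different hash; review manually."
} else {
    Write-Output "No $DriverFileName file or driver service found in the searched locations."
}
```
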
Mitigation Strategies

Immediate mitigation steps include restricting access to the device object exposed by the vulnerable driver to prevent unprivileged users from interacting with it.

Other recommended actions are to use secure device creation methods, validate all caller requests to the driver, and avoid forwarding arbitrary disk requests through the driver.

Since the vendor has not responded or provided a patch, consider removing or disabling the vulnerable driver MDA_NTDRV.sys if possible, or limiting local user privileges to reduce the risk of exploitation.
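
One way to disable the driver on a host where it is registered, as an added example that is not part of the advisory or any vendor guidance. The function name is hypothetical, and the driver's service name is discovered at run time because the page does not state it.

```powershell
#Requires -RunAsAdministrator
# Added example: stop and disable any kernel driver service backed by MDA_NTDRV.sys.
# Disable-MdaDriver is a hypothetical helper name, not a vendor or Windows cmdlet.
function Disable-MdaDriver {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$DriverFileName = 'MDA_NTDRV.sys')

    # Match on the image path so the check works whatever the service is called.
    $drivers = @(Get-CimInstance -ClassName Win32_SystemDriver |
                 Where-Object { $_.PathName -like "*$DriverFileName" })

    foreach ($d in $drivers) {
        if ($PSCmdlet.ShouldProcess($d.Name, 'Stop and disable kernel driver service')) {
            if ($d.State -eq 'Running') { & sc.exe stop $d.Name | Out-Null }
            # Prevent the driver from being started again at boot or on demand.
            & sc.exe config $d.Name start= disabled | Out-Null
        }
        # Re-query so the output shows the state after the change.
        Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$($d.Name)'" |
            Select-Object Name, State, StartMode, PathName
    }
}

Disable-MdaDriver -WhatIf    # preview; rerun without -WhatIf to apply
```

A driver that is still `Running` after the call is in use and will only unload once its handles are closed or the host is restarted; the `Disabled` start mode keeps it from loading afterwards.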
