Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by DVDFab
CVE-2026-12217 (GCVE-0-2026-12217)
Vulnerability from cvelistv5 – Published: 2026-06-15 04:00 – Updated: 2026-06-15 14:56
VLAI
Title
DVDFab Virtual Drive Signed Kernel Driver dvdfabio.sys privileges management
Summary
A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/370860 | vdb-entry |
| https://vuldb.com/vuln/370860/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12217 | third-party-advisory |
| https://vuldb.com/submit/833857 | third-party-advisory |
| https://winslow1984.com/books/cve-collection/page… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| DVDFab | Virtual Drive |
Affected:
2.0.0.5
cpe:2.3:a:dvdfab:virtual_drive:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12217",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T14:55:46.982887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T14:56:23.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:dvdfab:virtual_drive:*:*:*:*:*:*:*:*"
],
"modules": [
"Signed Kernel Driver"
],
"product": "Virtual Drive",
"vendor": "DVDFab",
"versions": [
{
"status": "affected",
"version": "2.0.0.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "winslow1984 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T04:00:06.971Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-370860 | DVDFab Virtual Drive Signed Kernel Driver dvdfabio.sys privileges management",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/370860"
},
{
"name": "VDB-370860 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/370860/cti"
},
{
"name": "CVE-2026-12217 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12217"
},
{
"name": "Submit #833857 | DVDFab DVDFab Virtual Drive 2.0.0.5 Local Privilege Escapation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/833857"
},
{
"tags": [
"exploit"
],
"url": "https://winslow1984.com/books/cve-collection/page/dvdfab-virtual-drive-kernel-driver-dvdfabiosys-local-privilege-escalation"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-14T15:50:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "DVDFab Virtual Drive Signed Kernel Driver dvdfabio.sys privileges management"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12217",
"datePublished": "2026-06-15T04:00:06.971Z",
"dateReserved": "2026-06-14T13:45:41.372Z",
"dateUpdated": "2026-06-15T14:56:23.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-25216 (GCVE-0-2022-25216)
Vulnerability from cvelistv5 – Published: 2022-03-11 17:54 – Updated: 2024-08-03 04:36
VLAI
Summary
An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://<IP_ADDRESS>:32080/download/<URL_ENCODED_PATH>.
Severity
No CVSS data available.
CWE
- Path traversal
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2022-07 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | DVDFab 12 Player / PlayerFab |
Affected:
6.2.1.0 - 7.0.0.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2022-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DVDFab 12 Player / PlayerFab",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.2.1.0 - 7.0.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://\u003cIP_ADDRESS\u003e:32080/download/\u003cURL_ENCODED_PATH\u003e."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T17:54:38.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2022-07"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2022-25216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DVDFab 12 Player / PlayerFab",
"version": {
"version_data": [
{
"version_value": "6.2.1.0 - 7.0.0.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://\u003cIP_ADDRESS\u003e:32080/download/\u003cURL_ENCODED_PATH\u003e."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2022-07",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2022-07"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2022-25216",
"datePublished": "2022-03-11T17:54:38.000Z",
"dateReserved": "2022-02-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}