Description
A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-15
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A local privilege escalation vulnerability exists in the dvdfabio.sys signed kernel driver of DVDFab Virtual Drive 2.0.0.5. Manipulation of an unknown function in this driver may allow a local attacker to gain SYSTEM privileges, compromising the entire Windows system. The weakness is rooted in improper privilege granting routines, reflected by CWE‑266 and CWE‑269.

Affected Systems

The flaw affects DVDFab Virtual Drive version 2.0.0.5, which runs on Windows and includes the dvdfabio.sys signed kernel driver. No other products or variants are indicated by the CNA data or public references, so only systems with that specific release are impacted.

Risk and Exploitability

The vulnerability has a CVSS score of 8.5, indicating high severity. The EPSS score is not provided, so the exploitation probability cannot be quantified from official data. The vulnerability is not listed in CISA's KEV catalog, and no official vendor patch has been released according to the available information, which raises concern for environments where local users can execute code. The attack is local, and the exploit has been publicly disclosed, so the risk remains significant.

Generated by OpenCVE AI on June 15, 2026 at 06:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Monitor vendor announcements and install any forthcoming patch that addresses the dvdfabio.sys privilege issue.
  • If the software is not required for operations, uninstall DVDFab Virtual Drive 2.0.0.5 to remove the vulnerable driver from the system.
  • Restrict local user accounts to non‑administrator rights, prevent them from loading signed drivers, and periodically review Event Log entries for suspicious driver load or privilege escalation events.

Generated by OpenCVE AI on June 15, 2026 at 06:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 04:15:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title DVDFab Virtual Drive Signed Kernel Driver dvdfabio.sys privileges management
First Time appeared Dvdfab
Dvdfab virtual Drive
Weaknesses CWE-266
CWE-269
CPEs cpe:2.3:a:dvdfab:virtual_drive:*:*:*:*:*:*:*:*
Vendors & Products Dvdfab
Dvdfab virtual Drive
References
Metrics cvssV2_0

{'score': 6.8, 'vector': 'AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Dvdfab Virtual Drive
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-15T04:00:06.971Z

Reserved: 2026-06-14T13:45:41.372Z

Link: CVE-2026-12217

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-15T04:16:26.350

Modified: 2026-06-15T04:16:26.350

Link: CVE-2026-12217

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-15T06:30:33Z

Weaknesses
  • CWE-266

    Incorrect Privilege Assignment

  • CWE-269

    Improper Privilege Management