NetEase NeacSafe64 Driver Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability affects the NetEase NeacSafe64 driver in versions prior to v1.0.0.8. A local attacker can escalate privileges by sending crafted IOCTL commands to the NeacSafe64.sys component. Exploitation could lead to acquisition of SYSTEM privileges and execution of arbitrary shellcode in kernel space.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation to SYSTEM level, with the potential for arbitrary code execution in kernel mode.
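
To check whether a host has an affected build registered, the following PowerShell inventory check compares the driver file's version against v1.0.0.8. It is an added example, not part of the original advisory or any NetEase tooling. It assumes the driver service name or image path contains "NeacSafe64" and that the file's version resource reflects the driver version named above.

```powershell
# Added example: flag NeacSafe64.sys builds older than the fixed v1.0.0.8.
# Assumptions (not from the advisory): the service name or image path contains
# "NeacSafe64", and the file version resource carries the driver version.
$FixedVersion = [version]'1.0.0.8'

function Resolve-DriverPath {
    param([string]$PathName)
    # Service image paths may be quoted or use NT-style prefixes.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$drivers = Get-CimInstance -ClassName Win32_SystemDriver | Where-Object {
    $_.Name -like '*NeacSafe64*' -or $_.PathName -like '*NeacSafe64.sys*'
}

$results = foreach ($d in $drivers) {
    $path    = Resolve-DriverPath $d.PathName
    $version = $null
    $status  = 'FileMissing'
    if ($path -and (Test-Path -LiteralPath $path)) {
        $vi = (Get-Item -LiteralPath $path).VersionInfo
        # Use the numeric parts; the FileVersion string can carry extra text.
        $version = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                  $vi.FileBuildPart, $vi.FilePrivatePart)
        if ($version -eq [version]'0.0.0.0') { $status = 'NoVersionInfo' }
        elseif ($version -lt $FixedVersion)  { $status = 'VULNERABLE' }
        else                                 { $status = 'Fixed' }
    }
    [pscustomobject]@{
        Service = $d.Name
        State   = $d.State
        Path    = $path
        Version = $version
        Status  = $status
    }
}

if ($results) { $results | Format-Table -AutoSize }
else { 'No NeacSafe64 driver service is registered on this host.' }
```

The check only covers drivers registered as services; a copy of NeacSafe64.sys that is on disk but not installed will not appear in the results.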

Reproduction

The vulnerability can be reproduced by deploying the NeacSafe64 driver via the NeacSafe64.inf file. After the driver is installed, the NeacController.exe application can be executed. This application exploits the vulnerability, resulting in a privileged command prompt process being spawned. The demonstration payload used in this exploitation currently does not produce observable behavior on the system. To validate the vulnerability, the placeholder shellcode can be replaced with a specific opcode that triggers a breakpoint exception, causing a debugger break-in or, if unhandled, a system crash.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM