Vulnerability CVE-2009-1824


Published: 2009-05-29   Modified: 2012-02-13

Description:
The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and earlier, and ArcaBit 2009 Home Protection 9.4.3204.9 and earlier, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\ps_drv containing arbitrary kernel addresses, as demonstrated using the (1) 0x2A7B802B and possibly (2) 0x2A7B8004 and (3) 0x2A7B802F IOCTLs.

See advisories in our WLB2 database:
Topic
Author
Date
High
ArcaVir 2009 < 9.4.320X.9 (ps_drv.sys) Local Privilege Escalation Exploit
NT Internals
01.06.2009

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Arcabit -> Arcavir 2009 antivirus protection 
Arcabit -> Arcavir 2009 home protection 
Arcabit -> Arcavir 2009 internet security 
Arcabit -> Arcavir 2009 system protection 

 References:
http://www.vupen.com/english/advisories/2009/1428
http://www.securityfocus.com/bid/35100
http://www.milw0rm.com/exploits/8782
http://secunia.com/advisories/35260
http://ntinternals.org/ntiadv0814/PsDrv_Exp.zip
http://ntinternals.org/ntiadv0814/ntiadv0814.html

Copyright 2024, cxsecurity.com

 

Back to Top