| عنوان | Jianming Antivirus, kvcore.sys, Arbitrary Address Write |
|---|
| الوصف | Version: Jianming Antivirus 16.2.2022.418, kvcore.sys x.x.x.x
https://www.jiangmin.com/plus/list.php?tid=65
Impact: Arbitrary Address Write
Description: From IoControlCode 0x222010, a normal user can write into any valid address which can be leveraged to abuse criticle kernel structures if the linked list is not null.
Reproduce: In the attached file ArbitraryAddressWrite.zip, there are ArbitraryAddressWrite.exe, ArbitraryAddressWrite.cpp, JMV21Web20220419.exe, and kvcore.sys. ArbitraryAddressWrite.exe is the PoC to cause BSOD where JMV21Web20220419.exemsi contains the vulnerable driver kvcore.sys installed, and ArbitraryAddressWrite.cpp is the source code of ArbitraryAddressWrite.exe. To reproduce the issue, install JMV21Web20220419.exe and execute ArbitraryAddressWrite.exe. It is expected that the target address will be written once ArbitraryAddressWrite.exe is executed. Password for attachment: ArbitraryAddressWrite
https://drive.google.com/file/d/1soMFXUAYkCttFDA_icry6q-irb2jdAxw/view?usp=sharing |
|---|
| المصدر | ⚠️ https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned31 |
|---|
| المستخدم | Zeze7w (UID 40823) |
|---|
| ارسال | 24/03/2023 09:52 AM (3 سنوات منذ) |
|---|
| الاعتدال | 25/03/2023 11:06 AM (1 day later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 224011 [JiangMin Antivirus 16.2.2022.418 IOCTL kvcore.sys 0x222010 تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|