| Titel | Twister Antivirus, filmfd.sys, Arbitrary File Operation |
|---|
| Beschreibung | Version: Twister Antivirus 8, filmfd.sys 2.0.0.7165
http://www.filseclab.com/en-us/downloads.htm
Impact: Arbitrary File Operation
Description: From IoControlCode 0x801120E4, a normal user can create, read, and write arbitrary file due to the lack of access control.
Reproduce: In the attached file ArbitraryFileOperation.zip, there are ArbitraryFileOperation.exe, ArbitraryFileOperation.cpp, twister8_setup.exe, and filmfd.sys. ArbitraryFileOperation.exe is the PoC to create, read, and write arbitrary file where twister8_setup.exe which contains the vulnerable driver filmfd.sys is installed, and ArbitraryFileOperation.cpp is the source code of ArbitraryFileOperation.exe. To reproduce the issue, just install twister8_setup.exe and execute ArbitraryFileOperation.exe. It is expected that `C:\Windows\haha.txt` will be created once ArbitraryFileOperation.exe is executed.
https://drive.google.com/file/d/1wh20g2Ze4gwCtripe7QeHNXd3bS4aZNG/view?usp=sharing |
|---|
| Quelle | ⚠️ https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned2 |
|---|
| Benutzer | Zeze7w (UID 40823) |
|---|
| Einreichung | 21.02.2023 16:30 (vor 3 Jahren) |
|---|
| Moderieren | 24.02.2023 11:23 (3 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 221740 [Twister Antivirus 8.17 IoControlCode filmfd.sys 0x801120E4 erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|