| Title | Watchdog Anti-Virus, wsdk-driver.sys, Delete File |
|---|---|
| Description | Version: Watchdog Anti-Virus x.x.x.x, wsdk-driver.sys x.x.x.x, Delete File<br>https://watchdog.dev/solutions/anti-virus/<br>Impact: Delete File<br>Description: From IoControlCode 0x80002008, a normal user can force delete any file due to the lack of access control to the operation.<br>Reproduce: In the attached file DeleteFile.zip, there are DeleteFile.exe, DeleteFile.cpp, WAV_Setup.exe, and wsdk-driver.sys. DeleteFile.exe is the PoC to delete any file where WAV_Setup.exe, which contains the vulnerable driver wsdk-driver.sys, is installed, and DeleteFile.cpp is the source code of DeleteFile.exe. To reproduce the issue, just install WAV_Setup.exe and execute DeleteFile.exe. It is expected that cmd.exe is deleted once DeleteFile.exe is executed. Password for attachment: DeleteFile<br>https://drive.google.com/file/d/1ivMk1uVAvPCCAxqiD2BW9gD1TsktQkpi/view?usp=sharing |
| Source | ⚠️ https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned14 |
| User | Zeze7w (UID 40823) |
| Submission | 07.03.2023 17:19 (3 years ago) |
| Moderation | 17.03.2023 07:52 (10 days later) |
| Status | Accepted |
| VulDB entry | 223298 [Watchdog Anti-Virus 1.4.214.0 IoControlCode wsdk-driver.sys 0x80002008 privilege escalation] |
| Points | 20 |