Soumettre #835607: AOMEI AOMEI Partition Assistant Kernel Driver ampa10.sys 10.10.1 Local Privilege Escapationinformation

TitreAOMEI AOMEI Partition Assistant Kernel Driver ampa10.sys 10.10.1 Local Privilege Escapation
Descriptionampa10.sys, shipped with AOMEI Partition Assistant Standard 10.10.1, exposes the \\.\wowrt device to a standard local user and forwards file read/write requests to the underlying disk stack. The forwarded requests are issued from kernel mode, so the normal Windows access check that prevents a standard user from opening \\.\PhysicalDriveN is bypassed. In a controlled proof, a standard Medium Integrity user could not open a temporary VHD-backed physical disk directly. The same user then wrote a unique 512-byte marker to that disk through \\.\wowrt\Partition0\DISK1, read it back through the driver, and an Administrator confirmed the marker by directly reading \\.\PhysicalDrive1 at the same offset. An unprivileged user can exploit arbitrary read/write primitives over protected file resources to achieve local privilege escalation.
La source⚠️ https://winslow1984.com/books/cve-collection/page/aomei-partition-assistant-10101-kernel-driver-ampa10sys-local-privilege-escalation
Utilisateur
 winslow1984 (UID 79140)
Soumission22/05/2026 07:31 (il y a 2 mois)
Modérer20/06/2026 11:36 (29 days later)
StatutAccepté
Entrée VulDB372519 [AOMEI Partition Assistant jusqu’à 10.10.1 Kernel Driver ampa10.sys élévation de privilèges]
Points20

Do you need the next level of professionalism?

Upgrade your account now!