| शीर्षक | QILING Disk Master Kernel Driver diskbckp.sys 6, 0, 0, 0 Local Privilege Escapation |
|---|
| विवरण | QILING Disk Master Free ships a kernel driver, diskbckp.sys, that exposes the device \\.\diskbakdrv1 to a standard local user. A non-administrative user can open that device, attach a disk context, and issue an IOCTL that writes caller-controlled bytes to a selected raw disk offset.
The proof below uses only a temporary VHD and an administrator-only test file. The standard user cannot read or open the protected file for write through normal Windows file APIs, and cannot open the raw disk after the test volume is dismounted. The same user can still overwrite the file's raw NTFS clusters through the vendor driver.
An unprivileged user can exploit arbitrary read/write primitives over protected file resources to achieve local privilege escalation. |
|---|
| स्रोत | ⚠️ https://winslow1984.com/books/cve-collection/page/qiling-disk-master-kernel-driver-diskbckpsys-6-0-0-0-local-privilege-escalation |
|---|
| उपयोगकर्ता | winslow1984 (UID 79140) |
|---|
| सबमिशन | 22/05/2026 07:34 AM (2 महीनों पहले) |
|---|
| संयम | 11/07/2026 11:44 AM (2 months later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 377781 [QILING Disk Master 6.0.0.0 Kernel Driver diskbckp.sys अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|