| 제목 | Easy File Locker, xlkfs.sys, DoS |
|---|
| 설명 | Version: Easy File Locker x.x.x.x, xlkfs.sys x.x.x.x, DoS
Impact: Denial of Service
Description: In MessageNotifyCallback, a normal user can send a large value by FilterConnectCommunicationPort to cause out of bound due to the lack of validating input buffer, which will lead to DoS or possibly have unspecified other impact.
Reproduce: In the attached file DoS.zip, there are DoS.exe, DoS.cpp, EFL2.2_Setup(x64).exe, and xlkfs.sys. DoS.exe is the PoC to cause BSOD where EFL2.2_Setup(x64).exe which contains the vulnerable driver xlkfs.sys is installed, and DoS.cpp is the source code of DoS.exe. To reproduce the issue, just install EFL2.2_Setup(x64).exe and execute DoS.exe. It is expected that the system will crash (BSOD) once DoS.exe is executed. Password for attachment (DoS.zip): DoS
https://drive.google.com/file/d/1eow4SP11iEza9D4_Dz7hkouOqJQynA_2/view?usp=sharing |
|---|
| 원천 | ⚠️ https://xoslab.com/efl.html |
|---|
| 사용자 | Zeze7w (UID 40823) |
|---|
| 제출 | 2023. 02. 13. AM 06:21 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 02. 18. AM 08:55 (5 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 221457 [Xoslab Easy File Locker 2.2.0.184 xlkfs.sys MessageNotifyCallback 서비스 거부] |
|---|
| 포인트들 | 17 |
|---|