| Название | Twister Antivirus, filmfd.sys, Arbitrary File Operation |
|---|
| Описание | Version: Twister Antivirus 8, filmfd.sys 2.0.0.7165
http://www.filseclab.com/en-us/downloads.htm
Impact: Arbitrary File Operation
Description: From IoControlCode 0x801120E4, a normal user can create, read, and write arbitrary file due to the lack of access control.
Reproduce: In the attached file ArbitraryFileOperation.zip, there are ArbitraryFileOperation.exe, ArbitraryFileOperation.cpp, twister8_setup.exe, and filmfd.sys. ArbitraryFileOperation.exe is the PoC to create, read, and write arbitrary file where twister8_setup.exe which contains the vulnerable driver filmfd.sys is installed, and ArbitraryFileOperation.cpp is the source code of ArbitraryFileOperation.exe. To reproduce the issue, just install twister8_setup.exe and execute ArbitraryFileOperation.exe. It is expected that `C:\Windows\haha.txt` will be created once ArbitraryFileOperation.exe is executed.
https://drive.google.com/file/d/1wh20g2Ze4gwCtripe7QeHNXd3bS4aZNG/view?usp=sharing |
|---|
| Источник | ⚠️ https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned2 |
|---|
| Пользователь | Zeze7w (UID 40823) |
|---|
| Представление | 21.02.2023 16:30 (3 лет назад) |
|---|
| Модерация | 24.02.2023 11:23 (3 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 221740 [Twister Antivirus 8.17 IoControlCode filmfd.sys 0x801120E4 эскалация привилегий] |
|---|
| Баллы | 20 |
|---|