| Title | Wise Force Deleter, WiseUnlock64.sys, Arbitrary Delete File |
|---|
| Description | Version: Wise Force Deleter x.x.x.x, WiseUnlock64.sys x.x.x.x
https://www.wisecleaner.com/wise-force-deleter.html
Impact: Arbitrary Delete File
Description: From IoControlCode 0x220004, a normal user can delete any file due to the lack of access control.
Reproduce: In the attached file ArbitraryDeleteFile.zip, there are ArbitraryDeleteFile.exe, ArbitraryDeleteFile.cpp, WFDSetup_1.5.3.54.exe, and WiseUnlock64.sys. ArbitraryDeleteFile.exe is the PoC to delete any file arbitrarily where WFDSetup_1.5.3.54.exe which contains the vulnerable driver WiseUnlock64.sys is installed, and ArbitraryDeleteFile.cpp is the source code of ArbitraryDeleteFile.exe. To reproduce the issue, just install WFDSetup_1.5.3.54.exe and execute ArbitraryDeleteFile.exe. It is expected that C:\Windows\System32\cmd.exe will be deleted once ArbitraryDeleteFile.exe is executed. Password for attachment: ArbitraryDeleteFile
https://drive.google.com/file/d/1Ziu1Ut_-01mDpjdj2Z8rfiU7gtUd_WVU/view?usp=sharing
|
|---|
| Source | ⚠️ https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned15 |
|---|
| User | Zeze7w (UID 40823) |
|---|
| Submission | 03/17/2023 14:50 (3 years ago) |
|---|
| Moderation | 03/18/2023 21:02 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 223372 [Lespeed WiseCleaner Wise Force Deleter 1.5.3.54 IoControlCode WiseUnlock64.sys 0x220004 access control] |
|---|
| Points | 20 |
|---|