| Title | Watchdog Anti-Virus, wsdk-driver.sys, Delete File |
|---|---|
| Description | Version: Watchdog Anti-Virus x.x.x.x, wsdk-driver.sys x.x.x.x, Delete File<br>https://watchdog.dev/solutions/anti-virus/<br>Impact: Delete File<br>Description: From IoControlCode 0x80002008, a normal user can force delete any file due to the lack of access control on the operation.<br>Reproduce: The attached file DeleteFile.zip contains DeleteFile.exe, DeleteFile.cpp, WAV_Setup.exe, and wsdk-driver.sys. DeleteFile.exe is the PoC to delete any file where WAV_Setup.exe, which contains the vulnerable driver wsdk-driver.sys, is installed, and DeleteFile.cpp is the source code of DeleteFile.exe. To reproduce the issue, just install WAV_Setup.exe and execute DeleteFile.exe. It is expected that cmd.exe is deleted once DeleteFile.exe is executed. Password for attachment: DeleteFile<br>https://drive.google.com/file/d/1ivMk1uVAvPCCAxqiD2BW9gD1TsktQkpi/view?usp=sharing |
| Source | ⚠️ https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned14 |
| User | Zeze7w (UID 40823) |
| Submission | 03/07/2023 17:19 (3 years ago) |
| Moderation | 03/17/2023 07:52 (10 days later) |
| Status | Accepted |
| VulDB entry | 223298 [Watchdog Anti-Virus 1.4.214.0 IoControlCode wsdk-driver.sys 0x80002008 access control] |
| Points | 20 |