| 标题 | Twister Antivirus, filmfd.sys, Arbitrary File Operation |
|---|
| 描述 | Version: Twister Antivirus 8, filmfd.sys 2.0.0.7165
http://www.filseclab.com/en-us/downloads.htm
Impact: Arbitrary File Operation
Description: From IoControlCode 0x801120E4, a normal user can create, read, and write arbitrary file due to the lack of access control.
Reproduce: In the attached file ArbitraryFileOperation.zip, there are ArbitraryFileOperation.exe, ArbitraryFileOperation.cpp, twister8_setup.exe, and filmfd.sys. ArbitraryFileOperation.exe is the PoC to create, read, and write arbitrary file where twister8_setup.exe which contains the vulnerable driver filmfd.sys is installed, and ArbitraryFileOperation.cpp is the source code of ArbitraryFileOperation.exe. To reproduce the issue, just install twister8_setup.exe and execute ArbitraryFileOperation.exe. It is expected that `C:\Windows\haha.txt` will be created once ArbitraryFileOperation.exe is executed.
https://drive.google.com/file/d/1wh20g2Ze4gwCtripe7QeHNXd3bS4aZNG/view?usp=sharing |
|---|
| 来源 | ⚠️ https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned2 |
|---|
| 用户 | Zeze7w (UID 40823) |
|---|
| 提交 | 2023-02-21 16時30分 (3 年前) |
|---|
| 管理 | 2023-02-24 11時23分 (3 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 221740 [Twister Antivirus 8.17 IoControlCode filmfd.sys 0x801120E4 权限提升] |
|---|
| 积分 | 20 |
|---|