- May 16, 2013
- Content source
- https://www.greyhathacker.net/?p=995
Here is a list of the 9 kernel vulnerabilities I discovered over a month ago in an antivirus product called IKARUS anti.virus, which has finally been fixed. Most of the vulnerabilities were due to the user-supplied output buffer address (Irp->UserBuffer) being saved on the stack and later used as an argument without being validated. The table below lists the IOCTLs, the related CVEs and the type of each vulnerability:
| IOCTL | CVE ID | Vulnerability Type |
|---|---|---|
| 0x8300000c | CVE-2017-14961 | Arbitrary Write |
| 0x83000058 | CVE-2017-14962 | Out of Bounds Write |
| 0x83000058 | CVE-2017-14963 | Arbitrary Write |
| 0x8300005c | CVE-2017-14964 | Arbitrary Write |
| 0x830000cc | CVE-2017-14965 | Arbitrary Write |
| 0x830000c0 | CVE-2017-14966 | Arbitrary Write |
| 0x83000080 | CVE-2017-14967 | Arbitrary Write |
| 0x830000c4 | CVE-2017-14968 | Arbitrary Write |
| 0x83000084 | CVE-2017-14969 | Arbitrary Write |
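
For triage, the control codes in the table can be split into their standard Windows CTL_CODE fields (device type, required access, function number, transfer method). The decoder below is an added example, not code from the original post or from the vendor; the names `ioctl_fields`, `decode_ioctl`, `count_any_access` and `PAGE_IOCTLS` are made up for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields of a Windows I/O control code, as packed by the CTL_CODE macro. */
typedef struct {
    uint16_t device_type; /* bits 31..16 */
    uint8_t  access;      /* bits 15..14, 0 = FILE_ANY_ACCESS */
    uint16_t function;    /* bits 13..2 */
    uint8_t  method;      /* bits 1..0 */
} ioctl_fields;

static const char *const METHOD_NAMES[4] = {
    "METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER"};
static const char *const ACCESS_NAMES[4] = {
    "FILE_ANY_ACCESS", "FILE_READ_ACCESS", "FILE_WRITE_ACCESS", "FILE_READ|WRITE_ACCESS"};

/* IOCTL column of the table above, one entry per row (0x83000058 has two CVEs). */
static const uint32_t PAGE_IOCTLS[] = {
    0x8300000c, 0x83000058, 0x83000058, 0x8300005c, 0x830000cc,
    0x830000c0, 0x83000080, 0x830000c4, 0x83000084};
#define PAGE_IOCTL_COUNT (sizeof PAGE_IOCTLS / sizeof PAGE_IOCTLS[0])

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = (uint16_t)(code >> 16);
    f.access      = (uint8_t)((code >> 14) & 0x3);
    f.function    = (uint16_t)((code >> 2) & 0xFFF);
    f.method      = (uint8_t)(code & 0x3);
    return f;
}

/* Count codes marked FILE_ANY_ACCESS: the I/O manager forwards these for any
   open handle to the device, whatever access rights the handle was granted. */
size_t count_any_access(const uint32_t *codes, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (decode_ioctl(codes[i]).access == 0) hits++;
    return hits;
}

int main(void) {
    for (size_t i = 0; i < PAGE_IOCTL_COUNT; i++) {
        ioctl_fields f = decode_ioctl(PAGE_IOCTLS[i]);
        printf("0x%08x  dev=0x%04x  func=0x%03x  %-16s %s\n", (unsigned)PAGE_IOCTLS[i],
               (unsigned)f.device_type, (unsigned)f.function,
               METHOD_NAMES[f.method], ACCESS_NAMES[f.access]);
    }
    printf("%zu of %zu rows are FILE_ANY_ACCESS\n",
           count_any_access(PAGE_IOCTLS, PAGE_IOCTL_COUNT), (size_t)PAGE_IOCTL_COUNT);
    return 0;
}
```

Every row decodes to device type 0x8300, METHOD_BUFFERED and FILE_ANY_ACCESS, so none of these requests is gated by the access rights on the caller's handle, and the validation of Irp->UserBuffer rests entirely with the driver.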