PT-2009-4289 · Arcabit · Arcavir 2009 Antivirus Protection+3

Published: 2009-05-29 · Updated: 2017-09-29 · CVE-2009-1824

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
ArcaVir 2009 Antivirus Protection versions 9.4.3201.9 and earlier
ArcaVir 2009 Internet Security versions 9.4.3202.9 and earlier
ArcaVir 2009 System Protection versions 9.4.3203.9 and earlier
ArcaBit 2009 Home Protection versions 9.4.3204.9 and earlier

Description: The issue allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\ps_drv containing arbitrary kernel addresses. This can be demonstrated using specific IOCTLs, such as 0x2A7B802B, and possibly others like 0x2A7B8004 and 0x2A7B802F.

Recommendations:
For ArcaVir 2009 Antivirus Protection versions 9.4.3201.9 and earlier, consider disabling the ps_drv.sys kernel driver until a patch is available.
For ArcaVir 2009 Internet Security versions 9.4.3202.9 and earlier, restrict access to the \Device\ps_drv device to minimize the risk of exploitation.
For ArcaVir 2009 System Protection versions 9.4.3203.9 and earlier, avoid using the METHOD_NEITHER IOCTL requests to \Device\ps_drv until the issue is resolved.
For ArcaBit 2009 Home Protection versions 9.4.3204.9 and earlier, as a temporary workaround, consider disabling the ps_drv.sys kernel driver until a patch is available.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2009-1824

Affected Products

Arcabit 2009 Home Protection
Arcavir 2009 Antivirus Protection
Arcavir 2009 Internet Security
Arcavir 2009 System Protection