PT-2018-15029 · Antiy · Antiy Avl Atool
Published: 2018-12-05 · Updated: 2020-08-24 · CVE-2018-19650
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Antiy-AVL ATool security management version 1.0.0.22
Description
The IRPFile.sys kernel driver in Antiy-AVL ATool fails to properly validate the length of user-supplied data while processing IOCTL 0x80002000, resulting in a kernel stack buffer overflow. To exploit this, an attacker must first obtain the ability to execute low-privileged code on the target system. The vulnerability can be leveraged to execute arbitrary code in the context of the kernel, potentially leading to privilege escalation. A failed exploit could result in denial of service.
Recommendations
For Antiy-AVL ATool security management version 1.0.0.22, consider disabling the IRPFile.sys kernel driver as a temporary workaround until a patch is available. Restrict access to IOCTL 0x80002000 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Antiy Avl Atool