PT-2018-17657 · Malwarefox · Malwarefox Antimalware
Souhail Hammou · Published 2018-02-03 · Updated 2019-10-03 · CVE-2018-6593
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
MalwareFox AntiMalware version 2.74.0.150
Description
Improper access control in the zam32.sys and zam64.sys drivers allows a non-privileged process to connect to the filter communication port and then use IOCTL 0x8000204C to elevate privileges.
Recommendations
For MalwareFox AntiMalware version 2.74.0.150, consider restricting access to the zam32.sys and zam64.sys drivers as a temporary workaround until a patch is available. Avoid using IOCTL 0x8000204C in the \\.\ZemanaAntiMalware endpoint until the issue is resolved.
Exploit
Fix
Incorrect Permission
Weakness Enumeration
Related Identifiers
Affected Products
Malwarefox Antimalware