PT-2018-17665 · Malwarefox · Malwarefox Antimalware

Souhail Hammou · Published 2018-02-04 · Updated 2023-12-27 · CVE-2018-6606

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

MalwareFox AntiMalware version 2.74.0.150

Description

The issue is improper access control in the zam32.sys and zam64.sys drivers, which allows a non-privileged process to elevate privileges. This can be achieved by sending specific IOCTL commands, such as IOCTL 0x80002010 and IOCTL 0x8000204C, to the \\.\ZemanaAntiMalware endpoint. There is also a mention of exploiting this issue using a VBA/Word document, but details are not provided.

Recommendations

For MalwareFox AntiMalware version 2.74.0.150, consider restricting access to the zam32.sys and zam64.sys drivers to prevent non-privileged processes from registering themselves and elevating privileges. Avoid sending IOCTL 0x80002010 and IOCTL 0x8000204C to the \\.\ZemanaAntiMalware endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Incorrect Permission

Weakness Enumeration

Related identifiers

CVE-2018-6606

Affected products

Malwarefox Antimalware