PT-2023-17028 · Max Secure · Max Secure Anti Virus Plus
Zeze7W
·
Published
2023-03-18
·
Updated
2024-05-17
·
CVE-2023-1491
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Max Secure Anti Virus Plus version 19.0.2.1
Description
A critical issue has been found, affecting the
0x220020 function in the MaxCryptMon.sys library of the IoControlCode Handler component. This leads to improper access controls, requiring local access for exploitation. The issue has been publicly disclosed and may be exploited.Recommendations
For Max Secure Anti Virus Plus version 19.0.2.1, consider restricting access to the
MaxCryptMon.sys library to minimize the risk of exploitation. As a temporary workaround, limit the use of the IoControlCode Handler component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Max Secure Anti Virus Plus