Skip to content
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Kernel-exploits/MaxProc64.sys/
Kernel-exploits/MaxProc64.sys/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 

CVE-2020-12122

In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtls 0x2200019. This also extends to the various other products from Max Secure which include this driver.

Data passed to this IOCTL that is invalid results in a BSOD.

Edit : It seems like @hFireF0X discovered this around the same time as I, my CVE request took months, and it doesn't look like they (or anyone) requested one.

That makes this like a 1/3rd 0day discovery, but within this repo is a POC for BSOD.


# Exploit Title: Max Secure Max SPyware Detector (MaxProc64.sys) IOCTL DOS
# Google Dork: N/A
# Date: 04/10/2020
# Exploit Author: FULLSHADE
# Vendor Homepage: https://www.maxpcsecure.com
# Software Link: http://www.maxpcsecure.com/MaxSDDM.exe
# Version: 1.0.0.044
# Tested on: Windows 7
# CVE : CVE-2020-12122

NIST: NVD

Base Score: 7.8 HIGH

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H