
Public Reference for CVE-2021-31727

Affected Product: MalwareFox AntiMalware 2.74.0.150
Affected Component: zam64.sys, zam32.sys
Vulnerability Type: Local, incorrect access control
Impact: High, arbitrary ring 0 code execution

Description

Incorrect access control in zam64.sys and zam32.sys in MalwareFox AntiMalware 2.74.0.150: IOCTLs 0x80002014 and 0x80002018 expose unrestricted disk read and write capabilities, respectively. A non-privileged process can open a handle to \\.\ZemanaAntiMalware, register with the driver using IOCTL 0x80002010, and send these IOCTLs to escalate privileges by overwriting the boot sector or overwriting critical code in the pagefile.

A proof of concept for disk read/write is available at disk_rw/main.c.
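For triage, the three control codes named in the description can be split into their CTL_CODE fields to see what access the I/O manager itself requires on the handle. This is an added example, not part of the advisory or its proof of concept; the function and type names are hypothetical, and the code 0x8000E014 in the comment is a constructed contrast value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields of a Windows I/O control code, as packed by the CTL_CODE macro:
 * (DeviceType << 16) | (Access << 14) | (Function << 2) | Method */
typedef struct {
    uint16_t device_type; /* 0x8000 and above: vendor-defined device type */
    uint8_t  access;      /* 0 FILE_ANY_ACCESS, 1 READ, 2 WRITE, 3 READ|WRITE */
    uint16_t function;    /* 0x800 and above: vendor-defined function */
    uint8_t  method;      /* 0 METHOD_BUFFERED ... 3 METHOD_NEITHER */
} ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code)
{
    ioctl_fields f;
    f.device_type = (uint16_t)(code >> 16);
    f.access      = (uint8_t)((code >> 14) & 0x3);
    f.function    = (uint16_t)((code >> 2) & 0xFFF);
    f.method      = (uint8_t)(code & 0x3);
    return f;
}

/* Returns 1 when the code asks for FILE_ANY_ACCESS: the I/O manager forwards
 * the request for any open handle, so the device object's ACL and the
 * driver's own caller checks are the only gate.
 * Constructed contrast: 0x8000E014 (same function, READ|WRITE) returns 0. */
int needs_no_handle_access(uint32_t code)
{
    return decode_ioctl(code).access == 0;
}

/* The three codes named in the advisory: register, disk read, disk write. */
static const uint32_t advisory_ioctls[] = { 0x80002010u, 0x80002014u, 0x80002018u };

int count_any_access(const uint32_t *codes, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += needs_no_handle_access(codes[i]);
    return hits;
}

int main(void)
{
    for (size_t i = 0; i < 3; i++) {
        ioctl_fields f = decode_ioctl(advisory_ioctls[i]);
        printf("0x%08X type=0x%04X func=0x%03X method=%u access=%u\n",
               (unsigned)advisory_ioctls[i], (unsigned)f.device_type,
               (unsigned)f.function, (unsigned)f.method, (unsigned)f.access);
    }
    return 0;
}
```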