Skip to content
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
WindowsKernelVuln/CVE-2023-1453/
WindowsKernelVuln/CVE-2023-1453/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
bin
 
 
 
 

Watchdog Anti-Virus, wsdk-driver.sys, Delete File

Vulnerability Info

Version

Impact

Delete Arbitrary File

Description

From IoControlCode 0x80002008, a normal user can force delete any file due to the lack of access control to the operation.

Reproduce

In the attached file DeleteFile.zip, there are DeleteFile.exe, DeleteFile.cpp, WAV_Setup.exe, and wsdk-driver.sys. DeleteFile.exe is the PoC to delete any file where WAV_Setup.exe which contains the vulnerable driver wsdk-driver.sys is installed, and DeleteFile.cpp is the source code of DeleteFile.exe. To reproduce the issue, just install WAV_Setup.exe and execute DeleteFile.exe. It is expected that the cmd.exe is deleted once DeleteFile.exe is executed. Password for attachment: DeleteFile https://drive.google.com/file/d/1ivMk1uVAvPCCAxqiD2BW9gD1TsktQkpi/view?usp=sharing