Watchdog Anti-Virus, wsdk-driver.sys, Delete File
Vulnerability Info
Version
- Watchdog Anti-Virus 1.4.214.0, wsdk-driver.sys 0.3.1.0
- https://watchdog.dev/solutions/anti-virus/
Impact
Delete Arbitrary File
Description
Through IoControlCode 0x80002008, a normal user can force-delete any file, because the operation lacks access control.
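As an added triage aid (not code from this advisory or from the vendor), the following decodes the IoControlCode above using the standard Windows CTL_CODE bit layout and flags vendor-defined codes whose RequiredAccess field is FILE_ANY_ACCESS, meaning the I/O manager performs no read/write handle check and any restriction must come from the device object's ACL or the driver's own dispatch routine. The names decode_ioctl and needs_driver_side_check are hypothetical, and 0x8000A008 is a constructed contrast value.

```c
#include <stdint.h>
#include <stdio.h>

/* Windows I/O control code layout (CTL_CODE in the WDK):
 * bits 31-16 DeviceType, 15-14 RequiredAccess, 13-2 Function, 1-0 Method. */
typedef struct {
    uint32_t device_type;
    uint32_t access;   /* 0 FILE_ANY_ACCESS, 1 FILE_READ_ACCESS, 2 FILE_WRITE_ACCESS */
    uint32_t function;
    uint32_t method;   /* 0 METHOD_BUFFERED ... 3 METHOD_NEITHER */
} ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code)
{
    ioctl_fields f;
    f.device_type = (code >> 16) & 0xFFFF;
    f.access      = (code >> 14) & 0x3;
    f.function    = (code >> 2) & 0xFFF;
    f.method      = code & 0x3;
    return f;
}

/* Returns 1 when a vendor-defined code (DeviceType >= 0x8000 or
 * Function >= 0x800) declares FILE_ANY_ACCESS: the I/O manager will not
 * gate it on the caller's handle access, so the driver must authorize
 * the caller itself or restrict who can open the device. */
int needs_driver_side_check(uint32_t code)
{
    ioctl_fields f = decode_ioctl(code);
    int vendor_defined = f.device_type >= 0x8000 || f.function >= 0x800;
    return vendor_defined && f.access == 0;
}

int main(void)
{
    /* 0x80002008 is the code named in this advisory; 0x8000A008 is a
     * constructed value with the same function but FILE_WRITE_ACCESS. */
    uint32_t codes[] = { 0x80002008u, 0x8000A008u };
    for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        ioctl_fields f = decode_ioctl(codes[i]);
        printf("0x%08X type=0x%X access=%u func=0x%X method=%u review=%d\n",
               (unsigned)codes[i], (unsigned)f.device_type, (unsigned)f.access,
               (unsigned)f.function, (unsigned)f.method,
               needs_driver_side_check(codes[i]));
    }
    return 0;
}
```

Run over the IOCTL codes a driver handles, this narrows review to the handlers where a missing in-driver check is directly reachable by any caller able to open the device.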
Reproduce
The attached file DeleteFile.zip contains DeleteFile.exe, DeleteFile.cpp, WAV_Setup.exe, and wsdk-driver.sys. DeleteFile.exe is the PoC, which deletes any file on a system where WAV_Setup.exe (which contains the vulnerable driver wsdk-driver.sys) is installed; DeleteFile.cpp is the source code of DeleteFile.exe.
To reproduce the issue, install WAV_Setup.exe and execute DeleteFile.exe. cmd.exe is expected to be deleted once DeleteFile.exe is executed.
Password for attachment: DeleteFile
https://drive.google.com/file/d/1ivMk1uVAvPCCAxqiD2BW9gD1TsktQkpi/view?usp=sharing