Skip to content
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
WindowsKernelVuln/CVE-2023-1642/
WindowsKernelVuln/CVE-2023-1642/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
bin
 
 
 
 

IObit Malware Fighter, ObCallbackProcess.sys, DoS

Vulnerability Info

Version

Impact

Denial of Service

Description

From IoControlCode 0x222034, 0x222038, 0x22203C, and 0x222040, there is no validation of pool boundary in the function, which may access uninitialized memory and cause BSOD.

Reproduce

In the attached file DoS3.zip, there are DoS3.exe, DoS3.cpp, iobit_malware_fighter_setup.exe, and ObCallbackProcess.sys. DoS3.exe is the PoC to cause DoS where iobit_malware_fighter_setup.exe which contains the vulnerable driver ObCallbackProcess.sys is installed, and DoS3.cpp is the source code of DoS3.exe. To reproduce the issue, install iobit_malware_fighter_setup.exe and execute DoS3.exe. It is expected that the system will crash (BSOD) once DoS3.exe is executed. Password for attachment: DoS3 https://drive.google.com/file/d/1iWdqJ9PsBp1W5xINpUdQ28xbx_tB9xxf/view?usp=sharing