Skip to content
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
WindowsKernelVuln/CVE-2023-1646/
WindowsKernelVuln/CVE-2023-1646/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
bin
 
 
 
 

IObit Malware Fighter, IMFCameraProtect.sys, LPE

Vulnerability Info

Version

Impact

Local Privilege Escalation

Description

From IoControlCode 0x8018E000 and 0x8018E004, there is stack overflow when calling memmove with the src address and size controllable, which leads to LPE.

Reproduce

In the attached file LPE.zip, there are LPE.exe, LPE.cpp, iobit_malware_fighter_setup.exe, and IMFCameraProtect.sys. LPE.exe is the PoC to cause local privilege escalation where iobit_malware_fighter_setup.exe which contains the vulnerable driver IMFCameraProtect.sys is installed, and LPE.cpp is the source code of LPE.exe. To reproduce the issue, install iobit_malware_fighter_setup.exe and execute LPE.exe. It is expected that the cmd pops up with SYSTEM privilege once LPE.exe is executed. Password for attachment: LPE https://drive.google.com/file/d/1GITWzh29cRcycVqVJgMJuX6emE_f1KPV/view?usp=sharing