ZeroPeril Ltd has discovered two issues inside the amdpsp.sys (v4.13.0.0) kernel driver module that ships with the AMD Chipset Drivers package for multiple AMD chipsets. The first issue is an information disclosure type security vulnerability and the second is a memory leak type bug due to insufficient releasing of all associated allocated resources upon request. The researchers have verified both in the latest Revision Number (2.13.27.501) of the package that was released the 4th of February 2021.
d827c9bf70e10c8aa6de32322ba69539b034444015352799b800c077dfa9a502A malicious application can take advantage of a vulnerability in Symantec Endpoint Protection to leak privileged information and/or execute code with higher privileges, thus taking full control over the affected host. Symantec Endpoint Protection versions 14.x below 14.2 (RU1) and 12.x below 12.1 (RU6 MP10) are affected. Symantec Endpoint Protection Small Business Edition versions 12.x below 12.1 (RU6 MP10c) are affected.
ba684560b58492719e146b7962feca0b68d0d97a728a6b906962fa4a1fc92df6The Bitdefender GravityZone installer suffers from a signature bypass issue that allows for code execution.
fb4f2c303fb26dbec83a73792998329051382c1f4c7fca1e1fe8417ff62ba2e5Sophos SafeGuard Enterprise versions 8.00.4 and earlier, SafeGuard Easy versions 7.00.2.35 and earlier, and SafeGuard LAN Crypt versions 3.95.1.13 and earlier suffer from privilege escalation vulnerabilities.
9d5c7e91f7c46dfdf969ae19225d278303fd9a6345ad15d65c8e24018ea0b127Vulnerabilities in Symantec Encryption Desktop and Endpoint Encryption allow an attacker to attain arbitrary hard disk read and write access at sector level, and subsequently infect the target and gain low level persistence (MBR/VBR). They also allow the attacker to execute code in the context of the built-in SYSTEM user account, without requiring a reboot.
c552a0d5a2f17481d112b351045fec72aa1777dac0c1e90c745138d741a25e68This is a write up detailing how abusing enabled token privileges through a kernel exploit to gain elevation of privilege won't be enough anymore. From NT kernel version 10.0.15063 they are checked against the privileges present in the token of the calling process so an attacker needs to use two writes.
c9bce4e23ea1292a32341faf837c4893b70736ec88069aa0e359dff8ea63548cA design flaw in Avast Sandbox allows a potentially harmful program to escape the sandbox and infect the host by dropping its files out of it and/or by modifying existing legitimate files of any type. Affected products include Avast Internet Security v11.x.x, Avast Pro Antivirus v11.x.x, Avast Premier v11.x.x, Avast Free Antivirus v11.x.x, Avast Business Security v11.x.x, Avast Endpoint Protection v8.x.x, Avast Endpoint Protection Plus v8.x.x, Avast Endpoint Protection Suite v8.x.x, Avast Endpoint Protection Suite Plus v8.x.x, Avast File Server Security v8.x.x, and Avast Email Server Security v8.x.x.
7fd3ef05288e1690d62a92d2e2d6b6fd6cc0392156eb537960ff2d8cc0ea7037Panda Security URL Filtering versions prior to 4.3.1.9 suffer from a privilege escalation vulnerability.
3190c8010d3158046fed24fe39c4f0bba14a6dceff1ddf7ffb4f75cf4b6b29abPanda Endpoint Administration Agent versions prior to 7.50.00 suffer from a privilege escalation vulnerability.
a9b0b633852d1bfa15f74b01a50238f33b6bea360eb3c5eb3d8a877bc3f67c15Avast versions 11.1.2245 and below suffer from a heap overflow bug in the Avast Virtualization kernel mode driver (aswSnx.sys).
2c796139cc9e2722f6b6c01834bdd5bbb89e28eec134eb6c447b41be2bb893a4The Network Driver Interface Specification (NDIS) provides a programming interface specification that facilitates from the network driver architecture perspective the communication between a protocol driver and the underlying network adapter. In Windows OS the so called "NDIS wrapper" (implemented in the Ndis.sys) provides a programming layer of communication between network protocols (TCP/IP) and all the underlying NDIS device drivers so that the implementation of high-level protocol components are independent of the network adapter itself. During vulnerability research from a local security perspective that was performed over several software firewall products designed for Windows XP and Windows Server 2003 (R2 included), an issue during the loading and initialization of one of the OS NDIS protocol drivers was identified; specifically the 'Remote Access and Routing Driver' called wanarp.sys. This issue can be exploited through various NDIS 5.x filter intermediate drivers that provide the firewall functionality of several security related products. The resulting impact is vertical privilege escalation which allows a local attacker to execute code with kernel privileges from any account type, thus completely compromising the affected host.
730dfd4333f38eeac096e605cfc535fc646d5e90e3533d3a53e73d4707bb7d53McAfee File Lock Driver does not handle correctly GUIDs of the encrypted vaults, which allows to crash the host by crafting a specific IOCTL with a malformed Vault GUID which is used to identify an object of FILE_DEVICE_DISK DeviceType, causing a kernel stack based buffer overflow. McPvDrv.sys version 4.6.111.0 is vulnerable.
630b8a3d4523538ded4d87575e898edf1599ae13e6a4b1b0f4e7d8231325f5d6McAfee File Lock Driver McPvDrv.sys version 4.6.111.0 suffers from a memory leak vulnerability.
04c8d5c31b7ee243b018718bfc3219e46bdaa41850c8c43eb7249df641e6d335Panda Kernel Memory Access Driver does not validate the size of data to be copied to both an allocated kernel paged pool buffer and to an allocated non-paged pool buffer. Furthermore, the attacker has control over the start-to-copy index regarding the non-paged pool buffer which allows an attacker to corrupt a kernel object with more precision, and control the EIP via a hijacked function pointer.
017a81162eb94fe7a9a71b19ac47e7b58ea849b57dcaba936c68c4e615a3aa90Panda Kernel Memory Access Driver does not validate the size of data to be copied to both an allocated kernel paged pool buffer and to an allocated non-paged pool buffer. Furthermore, the attacker has control over the start-to-copy index regarding the non-paged pool buffer which allows an attacker to corrupt a kernel object with more precision, and control the EIP via a hijacked function pointer. Version 1.0.0.13 is affected.
eab4ee724270c93a18fa3a73a94be01509bfed60588585695b11e21975000fa3Latest, and possibly earlier versions of K7Sentry.sys kernel mode driver, also named as the 'K7AV Sentry DeviceDriver', suffers from an out-of-bounds write condition that can be exploited locally by an attacker in order to execute code with kernel privileges. Successful exploitation of this bug results into vertical privilege escalation.
6ae24cdc2a10bd71691607ae39c1e9f6b50c8cf29c8b4c8a7f48bca25d729187K7Sentry.sys kernel mode driver version 12.8.0.104 suffers from a null pointer dereference vulnerability.
bba500e92fa30973d660f8038bd80dd3b8ce9f1800b630163a16a0ea6de85d50Latest, and possibly earlier versions of K7FWFilt.sys kernel mode driver, also named as the 'K7Firewall Packet Driver', suffers from a heap overflow condition that can be exploited locally by an attacker in order to execute code with kernel privileges. Successful exploitation of this bug results in vertical privilege escalation.
5f70f46819ed69a70be4689425f0203bacc85b239ad8f355847971ce2417afeeFaronics Deep Freeze Standard and Enterprise suffers from an arbitrary code execution vulnerability.
27fb76254363929ae6c1caac2afa6005830a4d1520926bd16a9b059055f1e885ESET versions 5.0 through 7.0 suffer from a kernel memory leak vulnerability.
8b5888960f4d9b82098187fccdeffd23d87b222ac084d8ed2407392d581bf827Panda 2014 products suffer from a heap overflow vulnerability that allows for privilege escalation.
ee7570db291ac19c2cacdd5efdcf59e3ad74d5faf572b58900607b82cf340cd4ESET Windows Products versions 5.0 through 7.0 (Firewall Module Build 1183 (20140214) and earlier) suffer from a privilege escalation vulnerability.
dece2baa665e8eaa6eefd41fcb60bffa50108ef2c1df166fbc98dc57cbe85529G Data TotalProtection 2014 version 24.0.2.1 suffers from an arbitrary code execution vulnerability.
d13c4d1c5599bcffe508e75fe31ffdd878a567e0ff4fc55a9e3ea8326e575583All users of the following (and possibly earlier) versions of Panda security products for Windows are vulnerable to a local privilege escalation which allows a local attacker to elevate privileges from any account type and execute code as SYSTEM, thus obtaining full access over the compromised host.
bd05592c98a9bbeefe7ba5ee744232314670a99e8285c1dafadcf505cd119f51PCNetSoftware RAC server versions 4.0.4 and 4.0.5 suffer from a denial of service vulnerability.
12bb65a7bc6783dea9e1ade46281f4de7f58d684482c5c0ea3f406da057f11bf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed