ArcaVir AntiVirus Products Privilege Escalation Vulnerability Network Vulnerability

Summary

This host is running ArcaVir AntiVirus Products and is prone to Privilege Escalation Vulnerability.

Impact

Successful exploitation will let the attacker pass kernel addresses as the arguments to the driver and overwrite an arbitrary address in the kernel space through a specially crafted IOCTL. Impact level: System

Solution

Apply the security updates accordingly. http://www.arcabit.pl

Insight

This flaw is due to vulnerability in ps_drv.sys driver, which allows any users to open the device '\\Device\\ps_drv' and issue IOCTLs with a buffering mode of METHOD_NEITHER.

Affected

ArcaBit 2009 Home Protection prior to 9.4.3204.9 ArcaVir 2009 System Protection prior to 9.4.3203.9 ArcaVir 2009 Internet Security prior to 9.4.3202.9 ArcaBit ArcaVir 2009 Antivirus Protection prior to 9.4.3201.9

References

http://secunia.com/advisories/35260
http://www.vupen.com/english/advisories/2009/1428

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-1824
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

VMAX Web Viewer Default Credentials Authentication Bypass Vulnerability
South River Technologies WebDrive Local Privilege Escalation Vulnerability
ZyXEL ZyWALL Web Configurator Authentication Bypass Vulnerability
Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Windows)
Nortel/Bay Networks default password

Take action and discover your vulnerabilities