ZeroPeril Ltd has discovered two issues in the amdpsp.sys (v4.13.0.0) kernel driver that ships with the AMD Chipset Drivers package for multiple AMD chipsets. The first is an information disclosure vulnerability; the second is a memory leak, caused by the driver not releasing all of the resources it allocates while servicing a request. The researchers verified both issues in the latest revision of the package (2.13.27.501), released on 4 February 2021.
d827c9bf70e10c8aa6de32322ba69539b034444015352799b800c077dfa9a502
A malicious application can take advantage of a vulnerability in Symantec Endpoint Protection to leak privileged information and/or execute code with higher privileges, taking full control of the affected host. Symantec Endpoint Protection versions 14.x below 14.2 (RU1) and 12.x below 12.1 (RU6 MP10) are affected. Symantec Endpoint Protection Small Business Edition versions 12.x below 12.1 (RU6 MP10c) are affected.
ba684560b58492719e146b7962feca0b68d0d97a728a6b906962fa4a1fc92df6
The Bitdefender GravityZone installer suffers from a signature bypass issue that allows for code execution.
fb4f2c303fb26dbec83a73792998329051382c1f4c7fca1e1fe8417ff62ba2e5
Sophos SafeGuard Enterprise versions 8.00.4 and earlier, SafeGuard Easy versions 7.00.2.35 and earlier, and SafeGuard LAN Crypt versions 3.95.1.13 and earlier suffer from privilege escalation vulnerabilities.
9d5c7e91f7c46dfdf969ae19225d278303fd9a6345ad15d65c8e24018ea0b127
Vulnerabilities in Symantec Encryption Desktop and Endpoint Encryption allow an attacker to attain arbitrary hard disk read and write access at sector level, and subsequently infect the target and gain low level persistence (MBR/VBR). They also allow the attacker to execute code in the context of the built-in SYSTEM user account, without requiring a reboot.
c552a0d5a2f17481d112b351045fec72aa1777dac0c1e90c745138d741a25e68
This write-up details why abusing enabled token privileges through a kernel exploit is no longer enough to gain elevation of privilege. Starting with NT kernel version 10.0.15063, the enabled privilege bits are checked against the privileges actually present in the calling process's token, so an attacker must perform two writes (to the present privileges as well as the enabled ones) instead of one.
c9bce4e23ea1292a32341faf837c4893b70736ec88069aa0e359dff8ea63548c
A design flaw in Avast Sandbox allows a potentially harmful program to escape the sandbox and infect the host by dropping its files outside the sandbox and/or by modifying existing legitimate files of any type. Affected products include Avast Internet Security v11.x.x, Avast Pro Antivirus v11.x.x, Avast Premier v11.x.x, Avast Free Antivirus v11.x.x, Avast Business Security v11.x.x, Avast Endpoint Protection v8.x.x, Avast Endpoint Protection Plus v8.x.x, Avast Endpoint Protection Suite v8.x.x, Avast Endpoint Protection Suite Plus v8.x.x, Avast File Server Security v8.x.x, and Avast Email Server Security v8.x.x.
7fd3ef05288e1690d62a92d2e2d6b6fd6cc0392156eb537960ff2d8cc0ea7037
Panda Security URL Filtering versions prior to 4.3.1.9 suffer from a privilege escalation vulnerability.
3190c8010d3158046fed24fe39c4f0bba14a6dceff1ddf7ffb4f75cf4b6b29ab
Panda Endpoint Administration Agent versions prior to 7.50.00 suffer from a privilege escalation vulnerability.
a9b0b633852d1bfa15f74b01a50238f33b6bea360eb3c5eb3d8a877bc3f67c15
Avast versions 11.1.2245 and below suffer from a heap overflow bug in the Avast Virtualization kernel mode driver (aswSnx.sys).
2c796139cc9e2722f6b6c01834bdd5bbb89e28eec134eb6c447b41be2bb893a4
The Network Driver Interface Specification (NDIS) is a programming interface specification that, from the network driver architecture perspective, defines how a protocol driver communicates with the underlying network adapter. On Windows the so-called "NDIS wrapper" (implemented in Ndis.sys) provides the communication layer between network protocols (TCP/IP) and all of the underlying NDIS device drivers, so that the implementation of high-level protocol components is independent of the network adapter itself. During local vulnerability research performed on several software firewall products for Windows XP and Windows Server 2003 (R2 included), an issue was identified in the loading and initialization of one of the OS NDIS protocol drivers, specifically the 'Remote Access and Routing Driver' wanarp.sys. The issue can be exploited through the various NDIS 5.x intermediate filter drivers that implement the firewall functionality of several security products. The resulting impact is vertical privilege escalation: a local attacker can execute code with kernel privileges from any account type, completely compromising the affected host.
730dfd4333f38eeac096e605cfc535fc646d5e90e3533d3a53e73d4707bb7d53
McAfee File Lock Driver does not correctly handle the GUIDs of encrypted vaults. A local user can crash the host by sending a crafted IOCTL carrying a malformed Vault GUID (the GUID is used to identify an object of DeviceType FILE_DEVICE_DISK), causing a kernel stack-based buffer overflow. McPvDrv.sys version 4.6.111.0 is vulnerable.
630b8a3d4523538ded4d87575e898edf1599ae13e6a4b1b0f4e7d8231325f5d6
McAfee File Lock Driver McPvDrv.sys version 4.6.111.0 suffers from a memory leak vulnerability.
04c8d5c31b7ee243b018718bfc3219e46bdaa41850c8c43eb7249df641e6d335
Panda Kernel Memory Access Driver does not validate the size of the data copied into an allocated kernel paged pool buffer and into an allocated non-paged pool buffer. Furthermore, the attacker controls the index at which the copy into the non-paged pool buffer starts, which allows a kernel object to be corrupted with precision and EIP to be controlled via a hijacked function pointer.
017a81162eb94fe7a9a71b19ac47e7b58ea849b57dcaba936c68c4e615a3aa90
Panda Kernel Memory Access Driver does not validate the size of the data copied into an allocated kernel paged pool buffer and into an allocated non-paged pool buffer. Furthermore, the attacker controls the index at which the copy into the non-paged pool buffer starts, which allows a kernel object to be corrupted with precision and EIP to be controlled via a hijacked function pointer. Version 1.0.0.13 is affected.
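The bug class behind the two Panda Kernel Memory Access Driver entries above (an IOCTL handler that trusts a caller-supplied copy length and start index when writing into a fixed-size pool allocation) and the McAfee File Lock entry (an unchecked copy of an IOCTL-supplied GUID) is the same: attacker-controlled size arithmetic on a bounded destination. The following is an added, user-mode model of that pattern written for this page; it is not code from any vendor's driver. The request layout (`IoctlInput`), the 64-byte "pool" buffer, the adjacent `callback` pointer standing in for the corrupted kernel object, and the sample request are all constructed for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of an IOCTL input buffer (hypothetical layout): the caller
 * chooses where the copy starts, how much is copied, and the bytes. */
typedef struct {
    uint32_t start_index;   /* attacker-controlled start-to-copy offset */
    uint32_t length;        /* attacker-controlled copy length */
    uint8_t  payload[256];  /* attacker-controlled bytes */
} IoctlInput;

#define POOL_BUF_SIZE 64

/* Model of a pool allocation followed by an object holding a function pointer,
 * standing in for the adjacent kernel object the advisories say gets corrupted. */
typedef struct {
    uint8_t  buf[POOL_BUF_SIZE];
    void   (*callback)(void);
} PoolChunk;

static void benign_callback(void) { }

/* Vulnerable pattern (model): start_index and length are used as supplied, so a
 * request can write past buf[] into whatever follows the allocation. */
void handle_ioctl_vulnerable(PoolChunk *chunk, const IoctlInput *in)
{
    memcpy((uint8_t *)chunk + in->start_index, in->payload, in->length);
}

/* Hardened pattern: check that the request is as large as it claims, then bound
 * both the start index and the length against the destination without letting
 * start_index + length wrap around. Returns false when the request is rejected. */
bool handle_ioctl_hardened(PoolChunk *chunk, const IoctlInput *in, size_t input_size)
{
    if (input_size < offsetof(IoctlInput, payload))
        return false;                                   /* header truncated */
    if (in->length > input_size - offsetof(IoctlInput, payload))
        return false;                                   /* claims more bytes than sent */
    if (in->start_index > POOL_BUF_SIZE)
        return false;                                   /* start already out of bounds */
    if (in->length > POOL_BUF_SIZE - in->start_index)
        return false;                                   /* overflow-safe end check */
    memcpy(chunk->buf + in->start_index, in->payload, in->length);
    return true;
}

/* True if the copy reached the function pointer next to the buffer. */
bool callback_corrupted(const PoolChunk *chunk)
{
    return chunk->callback != benign_callback;
}

/* Constructed request: start exactly at the end of buf[] and copy one pointer's
 * worth of bytes, i.e. aim straight at the adjacent function pointer. Returns
 * true when the vulnerable handler corrupts it and the hardened one refuses. */
bool demo_pointer_overwrite(void)
{
    IoctlInput in;
    memset(&in, 0x41, sizeof in);          /* payload of 'A' bytes */
    in.start_index = POOL_BUF_SIZE;
    in.length = (uint32_t)sizeof(void *);

    PoolChunk v = { {0}, benign_callback };
    handle_ioctl_vulnerable(&v, &in);

    PoolChunk h = { {0}, benign_callback };
    bool accepted = handle_ioctl_hardened(&h, &in, sizeof in);

    return callback_corrupted(&v) && !accepted && !callback_corrupted(&h);
}

/* Constructed in-bounds request: 16 bytes at offset 48 fill buf[] exactly.
 * Returns true when the hardened handler accepts it and copies the bytes. */
bool demo_in_bounds(void)
{
    IoctlInput in;
    memset(&in, 0x42, sizeof in);
    in.start_index = 48;
    in.length = 16;

    PoolChunk h = { {0}, benign_callback };
    if (!handle_ioctl_hardened(&h, &in, sizeof in))
        return false;
    return h.buf[48] == 0x42 && h.buf[63] == 0x42 && h.buf[47] == 0 && !callback_corrupted(&h);
}

int main(void)
{
    printf("pointer overwrite: vulnerable hit, hardened rejected = %s\n",
           demo_pointer_overwrite() ? "yes" : "no");
    printf("in-bounds request accepted by hardened handler = %s\n",
           demo_in_bounds() ? "yes" : "no");
    return 0;
}
```

The order of the checks matters: testing `start_index > POOL_BUF_SIZE` before `length > POOL_BUF_SIZE - start_index` is what keeps the subtraction from wrapping, and comparing `length` against the bytes the caller actually sent (the `input_size` a real driver receives from the I/O manager) prevents reading past the input buffer as well as writing past the output.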
eab4ee724270c93a18fa3a73a94be01509bfed60588585695b11e21975000fa3
The latest, and possibly earlier, versions of the K7Sentry.sys kernel mode driver (also named the 'K7AV Sentry DeviceDriver') suffer from an out-of-bounds write condition that can be exploited locally by an attacker in order to execute code with kernel privileges. Successful exploitation of this bug results in vertical privilege escalation.
6ae24cdc2a10bd71691607ae39c1e9f6b50c8cf29c8b4c8a7f48bca25d729187
K7Sentry.sys kernel mode driver version 12.8.0.104 suffers from a null pointer dereference vulnerability.
bba500e92fa30973d660f8038bd80dd3b8ce9f1800b630163a16a0ea6de85d50
The latest, and possibly earlier, versions of the K7FWFilt.sys kernel mode driver (also named the 'K7Firewall Packet Driver') suffer from a heap overflow condition that can be exploited locally by an attacker in order to execute code with kernel privileges. Successful exploitation of this bug results in vertical privilege escalation.
5f70f46819ed69a70be4689425f0203bacc85b239ad8f355847971ce2417afee
Faronics Deep Freeze Standard and Enterprise suffer from an arbitrary code execution vulnerability.
27fb76254363929ae6c1caac2afa6005830a4d1520926bd16a9b059055f1e885
ESET versions 5.0 through 7.0 suffer from a kernel memory leak vulnerability.
8b5888960f4d9b82098187fccdeffd23d87b222ac084d8ed2407392d581bf827
Panda 2014 products suffer from a heap overflow vulnerability that allows for privilege escalation.
ee7570db291ac19c2cacdd5efdcf59e3ad74d5faf572b58900607b82cf340cd4
ESET Windows Products versions 5.0 through 7.0 (Firewall Module Build 1183 (20140214) and earlier) suffer from a privilege escalation vulnerability.
dece2baa665e8eaa6eefd41fcb60bffa50108ef2c1df166fbc98dc57cbe85529
G Data TotalProtection 2014 version 24.0.2.1 suffers from an arbitrary code execution vulnerability.
d13c4d1c5599bcffe508e75fe31ffdd878a567e0ff4fc55a9e3ea8326e575583
All users of the following (and possibly earlier) versions of Panda security products for Windows are vulnerable to a local privilege escalation that allows a local attacker to elevate privileges from any account type and execute code as SYSTEM, obtaining full control of the compromised host.
bd05592c98a9bbeefe7ba5ee744232314670a99e8285c1dafadcf505cd119f51
PCNetSoftware RAC server versions 4.0.4 and 4.0.5 suffer from a denial of service vulnerability.
12bb65a7bc6783dea9e1ade46281f4de7f58d684482c5c0ea3f406da057f11bf