Lucene search

[email protected]CVE-2018-6606

HistoryFeb 04, 2018 - 1:29 a.m.

CVE-2018-6606

2018-02-0401:29:00

CWE-732

[email protected]

web.nvd.nist.gov

cve-2018-6606

malwarefox

antimalware

security vulnerability

access control

privilege escalation

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

35.8%

JSON

An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by sending IOCTL 0x80002010 and then using IOCTL 0x8000204C to \.\ZemanaAntiMalware to elevate privileges.

CPENameOperatorVersion
malwarefox:antimalwaremalwarefox antimalwareeq2.74.0.150

CPE	Name	Operator	Version
malwarefox:antimalware	malwarefox antimalware	eq	2.74.0.150

References

github.com/SouhailHammou/Exploits/blob/master/CVE-2018-6606/Malwarefox_privescl_1.c

www.exploit-db.com/exploits/43987/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

35.8%

JSON

Related for CVE-2018-6606

packetstorm1 exploitpack1 prion1 cvelist1 exploitdb1