ArcaVir 2009 < 9.4.320X.9 - ps_drv.sys Local Privilege Escalation Exploit

2009-05-26T00:00:00
ID EDB-ID:8782
Type exploitdb
Reporter NT Internals
Modified 2009-05-26T00:00:00

Description

ArcaVir 2009 < 9.4.320X.9 (ps_drv.sys) Local Privilege Escalation Exploit. CVE-2009-1824. Local exploit for windows platform

                                        
                                            ////////////////////////////////////////////////////////////////////////////////////
// +----------------------------------------------------------------------------+ //
// |                                                                            | //
// | ArcaBit Sp. z o.o. - http://www.arcabit.com/                               | //
// |                                                                            | //
// | Affected Software:                                                         | //
// | ArcaVir 2009 Antivirus Protection &lt;= 9.4.3201.9                            | //
// | ArcaVir 2009 Internet Security &lt;= 9.4.3202.9                               | //
// | ArcaVir 2009 System Protection &lt;= 9.4.3203.9                               | //
// | ArcaVir 2009 Home Protection &lt;= 9.4.3204.9                                 | //
// |                                                                            | //
// | Affected Driver:                                                           | //
// | ps_drv.sys                                                                 | //
// |                                                                            | //
// | Local Privilege Escalation Exploit                                         | //
// | For Educational Purposes Only !                                            | //
// |                                                                            | //
// +----------------------------------------------------------------------------+ //
// |                                                                            | //
// | NT Internals - http://www.ntinternals.org/                                 | //
// | alex ntinternals org                                                       | //
// | 23 May 2009                                                                | //
// |                                                                            | //
// | References:                                                                | //
// | ArcaVir (ps_drv.sys) Multiple Privilege Escalation Vulnerabilities         | //
// | NTIADV0814 - http://www.ntinternals.org/ntiadv0814/ntiadv0814.html         | //
// |                                                                            | //
// | Exploiting Common Flaws in Drivers                                         | //
// | Ruben Santamarta - http://www.reversemode.com/                             | //
// |                                                                            | //
// +----------------------------------------------------------------------------+ //
////////////////////////////////////////////////////////////////////////////////////

Exploit:
http://ntinternals.org/ntiadv0814/PsDrv_Exp.zip

Mirror:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/8782.zip (2009-PsDrv_Exp.zip)

Advisory:
http://ntinternals.org/ntiadv0814/ntiadv0814.html

# milw0rm.com [2009-05-26]