Security Advisory

CVE-2021-31727

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-05-17 12:05:50
Last updated 2024-08-03 23:03:33
Assigner mitre
State PUBLISHED

Description

Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTLs 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to .ZemanaAntiMalware, register with the driver using IOCTL 0x80002010 and send these IOCTLs to escalate privileges by overwriting the boot sector or overwriting critical code in the pagefile.