N/A

The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Armor Personal Firewall AV+ before 3.5.0.12, and Personal Firewall 3.5 before 3.5.0.14, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\OAmon containing arbitrary kernel addresses, as demonstrated using the 0x830020C3 IOCTL.

N/A

N/A

Tallemu Online Armor个人防火墙IOCTL请求本地权限提升漏洞

Online Armor是澳大利亚Tall Emu开发的个人防火墙。 Online Armor防火墙的OAmon.sys驱动在处理用户所提交的IOCTL请求时没有执行正确的地址空间验证，本地非特权用户可以向任意地址写入任意数据，导致执行任意内核态代码。 ... .text:00013E8D @@ioctl_830020C3: .text:00013E8D mov eax， [ebp+OutputBuffer]; UserBuffer .text:00013E90 mov dword ptr [eax]，

N/A

N/A