CVE-2009-4049 PoC — Avast! Antivirus aswRsr.sys驱动本地堆溢出漏洞

Source

https://github.com/fengjixuchui/CVE-2009-4049

Associated Vulnerability

Title:Avast! Antivirus aswRsr.sys驱动本地堆溢出漏洞 (CVE-2009-4049)
Description:Avast! Antivirus是捷克Avast（爱维士）公司的一套杀毒软件。 Avast杀毒软件的aswRdr.sys驱动存在堆缓冲区溢出漏洞。攻击者可以借助特制的参数制作参数的IOCTL 0x80002024，导致拒绝服务或者获得访问特权。

Description

Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024.

Readme

# CVE-2009-4049
 Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024.

 While part of the reason as to why I did not finish this vulnerability is out of sheer laziness, it did not appear exploitable on the surface. It can achieve a local denial of service condition, but it does not appear that I can control the contents of memory. The only factor that can be controlled, from my tests, is the string scan loop iterations. No data appears to be passed to the output buffer, either.

File Snapshot


 [4.0K]  /data/pocs/15a5f45c7a3dae4b6cde80d8ff03032bf2eb024c
├── [4.0K]  CVE-2009-4049
│   ├── [1.4K]  CVE-2009-4049.sln
│   ├── [7.0K]  CVE-2009-4049.vcxproj
│   ├── [1.0K]  CVE-2009-4049.vcxproj.filters
│   ├── [1.4K]  exploit.c
│   └── [ 166]  exploit.h
└── [ 678]  README.md

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!