
POC details: 2e444ab0948985ec5685e7fdf026be913d06124b

Source
Related vulnerability
Title: KINGSOFT Internet Security buffer error vulnerability (CVE-2022-25949)
Description: KINGSOFT Internet Security (金山毒霸) is an anti-virus product from the Chinese company KINGSOFT. KINGSOFT Internet Security 9 Plus version 2010.06.23.247 contains a security vulnerability caused by a boundary error in the software, which leads to a stack-based buffer overflow. An attacker can send a specially crafted request to exploit this vulnerability and execute arbitrary code on the target system.
Introduction
# CVE-2022-25949

A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77.

## 2009..?

I reported the issue in January 2014 and was notified of the CVE 8+ years later. I decided to upload this because it is amusing enough to find my old code and that it took that long.

Thus, this must not be a new vulnerability despite the new CVE -- a quick search showed multiple reports for the same-looking vulnerability already.

## Timeline

- Jan 12, 2014: I submit the issue to IPA
- Jan 15, 2014: IPA acknowledges the submission
- Mar 10, 2022: IPA notifies me for publication (I ignored it. I thought it was spam)
- Mar 15, 2022: An [advisory](https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000021.html) published

I still thank IPA for doing their parts and making my day.

## Notes

The vulnerable file appears to be [ffdedbaeccbcf0b697675b24ca313cbb8e1c9ba1bd2f0a0b58a2d6a04a038479](https://www.virustotal.com/gui/file/ffdedbaeccbcf0b697675b24ca313cbb8e1c9ba1bd2f0a0b58a2d6a04a038479/details)

```cpp
//
// Exploit for Kingsoft Antivirus KWatch Driver (KWatch3.sys)
// Target File Version: 2009.3.17.77
// Affected Product: Kingsoft Internet Security 9 Plus
//

/*
------------------------------------------------------------------------------
Shellcode is located at 7E7E7E7E.
The device was opened as 00000020.
Shellcode was executed.
The SYSTEM shell was launched.
This process will be suspended for ever.

------------------------------------------------------------------------------
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\user\Desktop>whoami
nt authority\system
------------------------------------------------------------------------------
*/
```
File snapshot

```
[4.0K] /data/pocs/2e444ab0948985ec5685e7fdf026be913d06124b
├── [1.0K] LICENSE
├── [1.7K] README.md
└── [4.0K] src
    ├── [4.0K] exploit_kwatch3
    │   ├── [6.5K] exploit_kwatch3.cpp
    │   ├── [4.1K] exploit_kwatch3.vcxproj
    │   └── [ 967] exploit_kwatch3.vcxproj.filters
    └── [1019] exploit_kwatch3.sln

2 directories, 6 files
```