SRC-2017-0029 : Kingsoft Antivirus and Internet Security Kernel Stack Buffer Overflow Privilege Escalation Vulnerability
CVE ID:
CVE-2017-14606
CVSS Score:
6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Affected Vendors:
Kingsoft
Affected Products:
Kingsoft Internet Security
Vulnerability Details:
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Kingsoft Internet Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the processing of IOCTL 0x80030004 or 0x80030008 by either the kavfm.sys (anti-virus) or the KWatch3.sys (internet security) kernel driver. The driver doesn’t properly validate user-supplied data, which can result in a kernel stack buffer overflow. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel.
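The following added example is not the vendor's driver code and is not part of the original advisory. It decodes the two control codes with the standard Windows CTL_CODE bit layout and shows, as a user-mode stand-in, the kind of length check a dispatch routine needs before copying caller data into a fixed-size stack buffer. The handler name, status values and the 64-byte buffer size are assumptions; the page does not give the driver's actual layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field layout of a Windows I/O control code (the CTL_CODE macro). */
typedef struct { uint32_t device_type, access, function, method; } ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = code >> 16;           /* bits 31..16 */
    f.access      = (code >> 14) & 0x3;   /* 0 = FILE_ANY_ACCESS */
    f.function    = (code >> 2) & 0xFFF;  /* bits 13..2 */
    f.method      = code & 0x3;           /* 0 = METHOD_BUFFERED */
    return f;
}

#define IOCTL_A 0x80030004u  /* from the advisory */
#define IOCTL_B 0x80030008u  /* from the advisory */
#define LOCAL_BUF_SIZE 64    /* assumed; the real buffer size is not on the page */

enum { ST_OK = 0, ST_BAD_IOCTL = -1, ST_BAD_LENGTH = -2, ST_BAD_POINTER = -3 };

/* Hypothetical handler: user-mode stand-in for a driver dispatch routine. */
int handle_ioctl(uint32_t code, const void *in, size_t in_len) {
    unsigned char local[LOCAL_BUF_SIZE];  /* fixed-size stack buffer */
    if (code != IOCTL_A && code != IOCTL_B) return ST_BAD_IOCTL;
    if (in == NULL) return ST_BAD_POINTER;
    /* in_len is caller-controlled; without this bound the copy overruns local */
    if (in_len == 0 || in_len > sizeof(local)) return ST_BAD_LENGTH;
    memcpy(local, in, in_len);
    return ST_OK;
}

int main(void) {
    unsigned char oversized[256] = {0};   /* constructed sample input */
    ioctl_fields f = decode_ioctl(IOCTL_A);
    printf("device=0x%x function=%u method=%u access=%u\n",
           (unsigned)f.device_type, (unsigned)f.function,
           (unsigned)f.method, (unsigned)f.access);
    printf("oversized request -> %d\n",
           handle_ioctl(IOCTL_A, oversized, sizeof(oversized)));
    return 0;
}
```

Both codes decode to METHOD_BUFFERED with FILE_ANY_ACCESS, so the access bits of the control code place no read or write requirement on the handle used to send the request, and the handler's own length validation is the remaining barrier.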
Vendor Response:
Kingsoft has not issued an update to correct these vulnerabilities.
Disclosure Timeline:
- 2017-10-03 – Verified and acquired by Beyond Security
- 2017-12-31 – Uncoordinated public release of advisory
Proof of Concept:
Credit:
This vulnerability was discovered by Steven Seeley of Source Incite.
Acknowledgments:
Source Incite would like to acknowledge Beyond Security's SSD program for the help with co-ordination of this vulnerability. More details can be found on their blog at https://blogs.securiteam.com/index.php/archives/3597.