This vulnerability allows local attackers to escalate privileges on vulnerable installations of VirIT eXplorer Anti-Virus. An attacker must first obtain the ability to execute non-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of crafted IOCTL by the VIAGLT64.SYS kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an arbitrary write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. This module will elevate the privileges of the current agent instead of installing a new one.
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Local DCOM DCE/RPC connections can be reflected back to a listening TCP socket allowing access to an NTLM authentication challenge for LocalSystem user which can be replayed to the local DCOM activation service. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system. In order to successfully exploit this vulnerability, the source agent must be running in the context of a Windows service application, as the module require special permissions to create a new agent with elevated privileges.
Subscribe to Windows