This module exploits a vulnerability in Symantec products when the 0x83022323 function is invoked with a specially crafted parameter. The IOCTL 0x83022323 handler in the SYMTDI.SYS device driver in Symantec products allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters to obtain system privileges.
Serv-U FTP versions 3.x, 4.x and 5.x ship with a default administrative account. A local attacker could establish a connection using the administrative authentication credentials and gain elevated privileges on the server.
This module exploits a privilege escalation vulnerability in the AppFlt.sys driver of Panda Global Protection. The vulnerable driver trusts some values passed from user mode via IOCTL 0x06660E1C, which can be leveraged to corrupt memory in the kernel address space. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges.
The VBoxSF.sys driver is a component of VirtualBox Guest Additions, which is in charge of providing the 'Shared Folders' feature offered by Oracle VirtualBox. This driver doesn't properly validate a pointer when handling the IOCTL_MRX_VBOX_DELCONN IoControl. This allows an unprivileged user in a Windows Guest OS with VirtualBox Guest Additions installed to gain SYSTEM privileges within the Guest OS. Note that this vulnerability can be exploited on Windows Guest operating systems with the Guest Additions installed, even when the 'Shared Folders' feature is not being used.
Subscribe to Windows