Anti-Keylogger Elite IOCTL 'AKEProtect.sys'请求本地权限提升漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1116665 漏洞类型 缓冲区溢出
发布时间 2008-11-07 更新时间 2008-11-12
CVE编号 CVE-2008-5049 CNNVD-ID CNNVD-200811-194
漏洞平台 Windows CVSS评分 7.2
|漏洞来源
https://www.exploit-db.com/exploits/7054
https://www.securityfocus.com/bid/87216
https://cxsecurity.com/issue/WLB-2008110100
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200811-194
|漏洞详情
Anti-TrojanElite和Anti-KeyloggerElite是ISecSoft推出的防木马和侦测键盘记录器工具。Anti-KeyloggerElite的AKEProtect.sys驱动没有正确地验证通过IOCTL0x002224A4、0x002224C0和0x002224CC所接收到的参数.
|漏洞EXP
////////////////////////////////////////////////////////////////////////////////////
// +----------------------------------------------------------------------------+ //
// |                                                                            | //
// | ISecSoft, Inc. - http://www.remove-keyloggers.com                          | //
// |                                                                            | //
// | Affected Software:                                                         | //
// | Anti-Keylogger Elite <= 3.3.0                                              | //
// |                                                                            | //
// | Affected Driver:                                                           | //
// | Anti-Keylogger Elite Driver - AKEProtect.sys <= 3.3.3.0                    | //
// |                                                                            | //
// | Local Privilege Escalation Exploit                                         | //
// | For Educational Purposes Only !                                            | //
// |                                                                            | //
// +----------------------------------------------------------------------------+ //
// |                                                                            | //
// | NT Internals - http://www.ntinternals.org/                                 | //
// | alex ntinternals org                                                       | //
// | 07 November 2008                                                           | //
// |                                                                            | //
// | References:                                                                | //
// | Exploiting Common Flaws in Drivers                                         | //
// | Ruben Santamarta - http://reversemode.com/                                 | //
// |                                                                            | //
// +----------------------------------------------------------------------------+ //
////////////////////////////////////////////////////////////////////////////////////

Exploit:
http://www.ntinternals.org/ntiadv0802/AKEProtect_Exp.zip
backup: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/7054.zip (2008-AKEProtect_Exp.zip)

Advisory:
http://www.ntinternals.org/ntiadv0802/ntiadv0802.html


# milw0rm.com [2008-11-07]
|受影响的产品
ISecSoft Anti-Keylogger Elite 3.3
|参考资料

来源:XF
名称:antikeylogger-akeprotect-priv-escalation(46465)
链接:http://xforce.iss.net/xforce/xfdb/46465
来源:BID
名称:32202
链接:http://www.securityfocus.com/bid/32202
来源:MISC
链接:http://www.ntinternals.org/ntiadv0802/ntiadv0802.html
来源:MILW0RM
名称:7054
链接:http://www.milw0rm.com/exploits/7054
来源:SREASON
名称:4582
链接:http://securityreason.com/securityalert/4582
来源:SECUNIA
名称:32634
链接:http://secunia.com/advisories/32634