Info

Disclosure

May 23, 2010

Discovery

Unknown

Dates

Exploit

May 23, 2010

Solution

Unknown

Description

KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an error in the KAVSafe.sys driver occurs, allowing a local attacker to corrupt kernel memory and allow the attacker to gain system privileges in order to execute arbitrary code via a specially crafted 830020D4h IOCTL.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Vendor Verified, Uncoordinated Disclosure

Solution

Upgrade to the latest version, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

KingSOFT Inc.

Webshield

3.5.1.2 and possibly earlier

References

Exploit Database: 12710
CVE ID: 2010-2031 (see also: NVD)
Secunia Advisory ID: 39916
Bugtraq ID: 40342
ISS X-Force ID: 58780

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/64833