CVE-2021-31728
moderate-risk
Published 2021-05-17
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to \.\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a hook with IOCTL 0x80002044 and execute the executable memory using this hook with IOCTL 0x80002014 or 0x80002018, this exposes ring 0 code execution in the context of the driver allowing the non-privileged process to elevate privileges.
Do I need to act?
!
22.1% chance of exploitation in next 30 days
EPSS score — higher than 78% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (1)
Antimalware
Affected Vendors
References (2)
Third Party Advisory
https://github.com/irql0/CVE-2021-31728/blob/master/CVE-2021-31728.md
Third Party Advisory
https://github.com/irql0/CVE-2021-31728/blob/master/CVE-2021-31728.md
43
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
14/34 · Moderate
Exposure
5/34 · Minimal