- Twister Antivirus 8, filmfd.sys 2.0.0.7165
- http://www.filseclab.com/en-us/downloads.htm
Arbitrary File Operation
From IoControlCode 0x801120E4, a normal user can create, read, and write arbitrary file due to the lack of access control.
In the attached file ArbitraryFileOperation.zip, there are ArbitraryFileOperation.exe, ArbitraryFileOperation.cpp, twister8_setup.exe, and filmfd.sys. ArbitraryFileOperation.exe is the PoC to create, read, and write arbitrary file where twister8_setup.exe which contains the vulnerable driver filmfd.sys is installed, and ArbitraryFileOperation.cpp is the source code of ArbitraryFileOperation.exe. To reproduce the issue, just install twister8_setup.exe and execute ArbitraryFileOperation.exe. It is expected that C:\Windows\haha.txt will be created once ArbitraryFileOperation.exe is executed. ArbitraryFileOperation.zip