- Twister Antivirus 8, fildds.sys 2.0.0.8553
- http://www.filseclab.com/en-us/downloads.htm
Terminate Arbitrary Process
From IoControlCode 0x80112053, a normal user can terminate arbitrary process due to the lack of access control.
In the attached file TerminateArbitraryProcess.zip, there are TerminateArbitraryProcess.exe, TerminateArbitraryProcess.cpp, twister8_setup.exe, and fildds.sys. TerminateArbitraryProcess.exe is the PoC to terminate arbitrary process where twister8_setup.exe which contains the vulnerable driver fildds.sys is installed, and TerminateArbitraryProcess.cpp is the source code of TerminateArbitraryProcess.exe. To reproduce the issue, install twister8_setup.exe and execute TerminateArbitraryProcess.exe, then enter a process id. The process is expected to be terminated once TerminateArbitraryProcess.exe is executed. Password for attachment: TerminateArbitraryProcess https://drive.google.com/file/d/1VYsdzogyxAsGH-rhUU1Bo_EbgpSEEN_Q/view?usp=sharing