- Wise Force Deleter 1.5.3.54, WiseUnlock64.sys 1.0.2.13
- https://www.wisecleaner.com/wise-force-deleter.html
Delete Arbitrary File
From IoControlCode 0x220004, a normal user can delete any file due to the lack of access control.
In the attached file ArbitraryDeleteFile.zip, there are ArbitraryDeleteFile.exe, ArbitraryDeleteFile.cpp, WFDSetup_1.5.3.54.exe, and WiseUnlock64.sys. ArbitraryDeleteFile.exe is the PoC to delete any file arbitrarily where WFDSetup_1.5.3.54.exe which contains the vulnerable driver WiseUnlock64.sys is installed, and ArbitraryDeleteFile.cpp is the source code of ArbitraryDeleteFile.exe. To reproduce the issue, just install WFDSetup_1.5.3.54.exe and execute ArbitraryDeleteFile.exe. It is expected that C:\Windows\System32\cmd.exe will be deleted once ArbitraryDeleteFile.exe is executed. Password for attachment: ArbitraryDeleteFile https://drive.google.com/file/d/1Ziu1Ut_-01mDpjdj2Z8rfiU7gtUd_WVU/view?usp=sharing