- Max Secure Anti Virus Plus 19.0.2.1, SDActMon.sys 2.0.1.1
- https://www.maxpcsecure.com/download.htm
Arbitrary Copy File
From IoControlCode 0x220020, a normal user can cause arbitrary copy file due to the lack of access control to the operation.
In the attached file ArbitraryCopyFile.zip, there are ArbitraryCopyFile.exe, ArbitraryCopyFile.cpp, MaxAVPlusDM.exe, and SDActMon.sys. ArbitraryCopyFile.exe is the PoC to cause arbitrary copy file where MaxAVPlusDM.exe which contains the vulnerable driver SDActMon.sys is installed, and ArbitraryCopyFile.cpp is the source code of ArbitraryCopyFile.exe. To reproduce the issue, just install MaxAVPlusDM.exe and execute ArbitraryCopyFile.exe. It is expected that cmd.exe is changed into calc.exe after ArbitraryCopyFile.exe is executed. Password for attachment: ArbitraryCopyFile https://drive.google.com/file/d/1PmzG42vFkqpwfgTG0KACzyH8oA7OddWG/view?usp=sharing