- IObit Malware Fighter 9.4.0.776, IMFCameraProtect.sys 7.0.7.29
- https://www.iobit.com/en/malware-fighter.php
Local Privilege Escalation
From IoControlCode 0x8018E000 and 0x8018E004, there is stack overflow when calling memmove with the src address and size controllable, which leads to LPE.
In the attached file LPE.zip, there are LPE.exe, LPE.cpp, iobit_malware_fighter_setup.exe, and IMFCameraProtect.sys. LPE.exe is the PoC to cause local privilege escalation where iobit_malware_fighter_setup.exe which contains the vulnerable driver IMFCameraProtect.sys is installed, and LPE.cpp is the source code of LPE.exe. To reproduce the issue, install iobit_malware_fighter_setup.exe and execute LPE.exe. It is expected that the cmd pops up with SYSTEM privilege once LPE.exe is executed. Password for attachment: LPE https://drive.google.com/file/d/1GITWzh29cRcycVqVJgMJuX6emE_f1KPV/view?usp=sharing