CVE-2009-1824

Arcabit Arcavir 2009 Antivirus Protection - Improper Input Validation

Title source: rule

Description

The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and earlier, and ArcaBit 2009 Home Protection 9.4.3204.9 and earlier, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\ps_drv containing arbitrary kernel addresses, as demonstrated using the (1) 0x2A7B802B and possibly (2) 0x2A7B8004 and (3) 0x2A7B802F IOCTLs.

Exploits (1)

exploitdb WRITEUP VERIFIED

by NT Internals · textlocalwindows

https://www.exploit-db.com/exploits/8782

View Code ZIP pw:eip

References (6)

Core 6

Core References

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1428

Exploit x_refsource_misc

http://ntinternals.org/ntiadv0814/PsDrv_Exp.zip

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35260

Exploit x_refsource_misc

http://ntinternals.org/ntiadv0814/ntiadv0814.html

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/8782

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/35100

Scores

EPSS 0.0029

EPSS Percentile 51.9%

Details

CWE

CWE-20

Status published

Products (4)

arcabit/arcavir_2009_antivirus_protection < 9.4.3201.9

arcabit/arcavir_2009_home_protection < 9.4.3204.9

arcabit/arcavir_2009_internet_security < 9.4.3202.9

arcabit/arcavir_2009_system_protection < 9.4.3203.9

Published May 29, 2009

Tracked Since Feb 18, 2026