CVE-2009-2450

Online Armor Personal Firewall < 3.5.0.14 - Privilege Escalation via OAmon.sys IOCTL

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2450. PoCs published by NT Internals.

AI-analyzed exploit summary This exploit targets a local privilege escalation vulnerability in the TDI Helper Driver (OAmon.sys) of Online Armor Personal Firewall versions prior to 3.5.0.12. The exploit leverages flawed driver handling to escalate privileges on the affected system.

Description

The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Armor Personal Firewall AV+ before 3.5.0.12, and Personal Firewall 3.5 before 3.5.0.14, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\OAmon containing arbitrary kernel addresses, as demonstrated using the 0x830020C3 IOCTL.

Exploits (1)

exploitdb WORKING POC VERIFIED

by NT Internals · textlocalwindows

https://www.exploit-db.com/exploits/8875

View Code ZIP pw:eip

This exploit targets a local privilege escalation vulnerability in the TDI Helper Driver (OAmon.sys) of Online Armor Personal Firewall versions prior to 3.5.0.12. The exploit leverages flawed driver handling to escalate privileges on the affected system.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Online Armor Personal Firewall v3.5 < 3.5.0.12, Online Armor Personal Firewall AV+ < 3.5.0.12

No auth needed

Prerequisites: Local access to the target system · Presence of vulnerable OAmon.sys driver

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/50960

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/35227

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/8875

Exploit x_refsource_misc

http://milw0rm.com/sploits/2009-OAmon_Exp.zip

Various Sources x_refsource_misc

http://www.ntinternals.org/ntiadv0806/ntiadv0806.html

Scores

EPSS 0.0077

EPSS Percentile 50.6%

Details

CWE

CWE-119

Status published

Products (16)

tallemu/online_armor_personal_firewall_av\+ 3.5.0.6

tallemu/online_armor_personal_firewall_av\+ 3.5.0.9

tallemu/online_armor_personal_firewall_av\+ < 3.5.0.11

tallemu/personal_firewall 3.5.0.1

tallemu/personal_firewall 3.5.0.2

tallemu/personal_firewall 3.5.0.3

tallemu/personal_firewall 3.5.0.4

tallemu/personal_firewall 3.5.0.5

tallemu/personal_firewall 3.5.0.6

tallemu/personal_firewall 3.5.0.7

... and 6 more

Published Jul 13, 2009

Tracked Since Feb 18, 2026