CVE-2010-1591

Rising-global Rising Antivirus - Improper Input Validation

Title source: rule

Description

Beijing Rising International Rising Antivirus 2008 through 2010 does not properly validate input to certain IOCTLs, including 0x83003C07, which allows local users to gain privileges via crafted IOCTL requests to the (1) HookCont.sys, (2) HookNtos.sys, (3) HOOKREG.sys, or (4) HookSys.sys device driver; or the (5) RsNTGdi.sys kernel module, reachable through \Device\RSNTGDI.

Exploits (1)

exploitdb WORKING POC

by Dlrow · clocalwindows

https://www.exploit-db.com/exploits/11281

View Code ZIP pw:eip

References (7)

[Vendor Advisory] http://secunia.com/advisories/38335

[Exploit] http://www.ntinternals.org/ntiadv0805/ntiadv0805.html

[Exploit] http://www.ntinternals.org/ntiadv0902/ntiadv0902.html

[Exploit] http://www.securityfocus.com/bid/37951

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/0218

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/55869

[Third Party Advisory, VDB Entry] http://osvdb.org/61946

Scores

EPSS 0.0007

EPSS Percentile 21.5%

Details

CWE

CWE-20

Status published

Products (3)

rising-global/rising_antivirus 2008

rising-global/rising_antivirus 2009

rising-global/rising_antivirus 2010

Published Apr 28, 2010

Tracked Since Feb 18, 2026