CVE-2010-1591
Beijing Rising International Rising Antivirus 2008-2010 - Privilege Escalation via IOCTL Input Validation
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-1591. PoCs published by Dlrow.
AI-analyzed exploit summary: This exploit targets a local privilege escalation vulnerability in Rising AntiVirus 2008-2010 by manipulating the SSDT (System Service Descriptor Table) via a vulnerable driver interface. It uses a call gate to execute kernel-mode code and restore hooked SSDT entries.
Description
Beijing Rising International Rising Antivirus 2008 through 2010 does not properly validate input to certain IOCTLs, including 0x83003C07, which allows local users to gain privileges via crafted IOCTL requests to the (1) HookCont.sys, (2) HookNtos.sys, (3) HOOKREG.sys, or (4) HookSys.sys device driver; or the (5) RsNTGdi.sys kernel module, reachable through \Device\RSNTGDI.