CVE-2010-2031

Kingsoft Webshield < 3.5.1.2 - Arbitrary Kernel Memory Overwrite via KAVSafe.sys IOCTL 0x830020d4

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2031. PoCs published by Xuanyuan Smart.

AI-analyzed exploit summary: This exploit demonstrates a local privilege escalation vulnerability in Kingsoft WebShield's KAVSafe.sys driver by leveraging an arbitrary kernel memory overwrite via DeviceIoControl. It manipulates the PEB to bypass checks and executes shellcode to escalate privileges.

Description

KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier, allows local users to overwrite arbitrary kernel memory via a crafted request to IOCTL 0x830020d4 on the KAVSafe device.

Exploits (1)

exploitdb WORKING POC
by Xuanyuan Smart · c · local · windows
https://www.exploit-db.com/exploits/12710

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Kingsoft WebShield <= 3.5.1.2 (KAVSafe.sys <= 2010.4.14.609)
No auth needed
Prerequisites: Kingsoft WebShield installed · Local access to the system
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40342
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58780
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39916
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/12710

Scores

EPSS 0.0075
EPSS Percentile 50.1%

Details

CWE CWE-119
Status published
Products (1)
kingsoft/webshield < 3.5.1.2
Published May 24, 2010
Tracked Since Feb 18, 2026