CVE-2017-14961

HIGH

IKARUS anti.virus 2.16.7 - Arbitrary Write via ntguard.sys IOCtl 0x8300000c

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14961. PoCs published by Parvez Anwar.

AI-analyzed exploit summary: This exploit leverages an arbitrary write vulnerability in IKARUS anti.virus (CVE-2017-14961) to escalate privileges by overwriting the _SEP_TOKEN_PRIVILEGES structure in the kernel. It spawns a shellcode-injected remote thread in winlogon.exe to achieve SYSTEM-level access.

Description

In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because it does not validate input values from IOCtl 0x8300000c.

Exploits (1)

exploitdb WORKING POC
by Parvez Anwar · c · local · windows_x86-64
https://www.exploit-db.com/exploits/43139

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: IKARUS anti.virus 2.16.7 with ntguard_x64.sys driver 0.18780.0.0
No auth needed
Prerequisites: IKARUS anti.virus installed with vulnerable driver · 64-bit Windows 7 or 10 (1709)
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.8
EPSS 0.0039
EPSS Percentile 60.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-20
Status published
Products (1)
ikarussecurity/anti.virus 2.16.7
Published Nov 15, 2017
Tracked Since Feb 18, 2026