CVE-2018-6606

HIGH

Malwarefox Antimalware - Incorrect Permission Assignment

Title source: rule

Description

An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by sending IOCTL 0x80002010 and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges.

Exploits (2)

exploitdb WORKING POC

by Souhail Hammou · clocalwindows

https://www.exploit-db.com/exploits/43987

View Code ZIP pw:eip

nomisec WORKING POC

by bullhead-repo · poc

https://github.com/bullhead-repo/CVE-2018-6606

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://github.com/SouhailHammou/Exploits/blob/master/CVE-2018-6606/Malwarefox_privescl_1.c

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/43987/

Scores

CVSS v3 7.8

EPSS 0.0146

EPSS Percentile 80.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (1)

malwarefox/antimalware 2.74.0.150

Published Feb 04, 2018

Tracked Since Feb 18, 2026