CVE-2023-1491

MEDIUM

Max Secure Anti Virus Plus 19.0.2.1 - Improper Access Controls

Title source: llm

Description

A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects the function 0x220020 in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-223377 was assigned to this vulnerability.

References (4)

Core 4

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.223377

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.223377

Exploit, Third Party Advisory related

https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1491

Exploit exploit

https://drive.google.com/file/d/1-h-6ijBvucNU-dYglWW5n4l2ys-MDAF9/view

Scores

CVSS v3 4.4

EPSS 0.0030

EPSS Percentile 21.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Details

CWE

CWE-284

Status published

Products (1)

maxpcsecure/anti_virus_plus 19.0.2.1

Published Mar 18, 2023

Tracked Since Feb 18, 2026