CVE-2024-51324

LOW · EXPLOITED · RANSOMWARE

Baidu Antivirus 5.2.3.116083 (BdApiUtil driver) - BYOVD arbitrary process termination

Title source: llm

Exploitation Summary

CVE-2024-51324 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns. EIP tracks 2 public exploits from researchers including devianntsec.

AI-analyzed exploit summary

This repository contains a functional exploit for CVE-2024-51324, a BYOVD vulnerability in Baidu Antivirus's kernel driver `BdApiUtil64.sys`. The exploit demonstrates process termination, arbitrary file deletion, and in-use file deletion via IOCTL primitives, with detailed technical analysis and operational modes for scanning, loading, killing, and cleanup.

Description

An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary processes by executing a BYOVD (Bring Your Own Vulnerable Driver) attack. The signed driver exposes an IOCTL handler that terminates a caller-chosen process, so an attacker who can load the driver on a target host (which requires administrator privileges, consistent with PR:H in the CVSS vector) can use it to kill processes that user-mode code could not otherwise touch, such as security-tooling processes. Note that although the CVSS vector records AV:N, the driver must be loaded on the host where the target process runs; both tracked exploits treat this as a local post-exploitation technique.
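Because the loading step is the one the attacker cannot avoid, the practical detection point for this CVE is the driver-load event rather than the IOCTL traffic. The following is an added example (not code from this page or from either exploit repository) that scans Sysmon Event ID 6 "Driver loaded" records for BdApiUtil64.sys, catching both a load under its own name and the common BYOVD variant where the signed driver is renamed and dropped in a user-writable directory. The sample events are constructed, the SHA256 values and the signer string are placeholders rather than real hashes of the driver, and the user-writable path list is an assumption to tune per environment.

```python
import ntpath
import re

# Constructed Sysmon Event ID 6 ("Driver loaded") records in the "Key: Value"
# text form Sysmon writes into the event message. The hashes and signer string
# are placeholders, not real values for BdApiUtil64.sys.
SAMPLE_EVENTS = """\
Driver loaded:
UtcTime: 2025-03-01 10:14:02.113
ImageLoaded: C:\\Program Files\\Baidu Antivirus\\BdApiUtil64.sys
Hashes: SHA256=PLACEHOLDER_SHA256_KNOWN_VULNERABLE
Signed: true
Signature: PLACEHOLDER_SIGNER
SignatureStatus: Valid

Driver loaded:
UtcTime: 2025-03-01 10:15:40.501
ImageLoaded: C:\\Users\\Public\\svc.sys
Hashes: SHA256=PLACEHOLDER_SHA256_KNOWN_VULNERABLE
Signed: true
Signature: PLACEHOLDER_SIGNER
SignatureStatus: Valid

Driver loaded:
UtcTime: 2025-03-01 10:16:03.007
ImageLoaded: C:\\Windows\\System32\\drivers\\tcpip.sys
Hashes: SHA256=PLACEHOLDER_SHA256_BENIGN
Signed: true
Signature: Microsoft Windows
SignatureStatus: Valid
"""

# Hash deny list (placeholder). In production, populate from a vulnerable-driver
# blocklist; hashes are compared lowercased.
DENYLIST = {"placeholder_sha256_known_vulnerable"}

# Image names this CVE is tracked under (the CVE text says "BdApiUtil driver",
# the exploits ship BdApiUtil64.sys).
VULNERABLE_DRIVER_NAMES = {"bdapiutil64.sys", "bdapiutil.sys"}

# Assumed set of directories a non-admin-installed driver should never be loaded
# from; a BYOVD tool typically drops its driver somewhere like these.
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\windows\\temp\\",
    "c:\\temp\\",
)


def parse_driver_events(text):
    """Split Sysmon message text into one dict of fields per driver-load record."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "ImageLoaded" in fields:
            events.append(fields)
    return events


def sha256_of(event):
    """Pull the SHA256 digest out of Sysmon's 'Hashes: SHA256=...,MD5=...' field."""
    match = re.search(r"SHA256=([^,\s]+)", event.get("Hashes", ""))
    return match.group(1).lower() if match else None


def classify(event, denylist):
    """Return a finding dict for a suspicious load, or None for an uninteresting one."""
    image = event.get("ImageLoaded", "")
    name = ntpath.basename(image).lower()
    digest = sha256_of(event)
    reasons = []
    if digest in denylist:
        reasons.append("known vulnerable driver hash")
    if name in VULNERABLE_DRIVER_NAMES:
        reasons.append("BdApiUtil driver image name")
    if not reasons:
        return None
    # A load under its own name from a vendor path may be a legitimate install,
    # so it only rates medium; path or rename evasion raises it to high.
    severity = "medium"
    if image.lower().startswith(USER_WRITABLE_PREFIXES):
        severity = "high"
        reasons.append("loaded from user-writable path")
    if digest in denylist and name not in VULNERABLE_DRIVER_NAMES:
        severity = "high"
        reasons.append("renamed driver")
    return {"utc": event.get("UtcTime"), "image": image,
            "severity": severity, "reasons": reasons}


def scan(text, denylist=DENYLIST):
    """Run classify() over every record and keep the hits, in event order."""
    return [hit for hit in (classify(e, denylist) for e in parse_driver_events(text)) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit["severity"], hit["utc"], hit["image"], "; ".join(hit["reasons"]))
```

Hash matching does the real work here: the image name only adds context, since a renamed copy of the driver carries the same Authenticode-signed bytes and therefore the same SHA256. The second constructed event shows that case and is the one that should page an analyst.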

Exploits (2)

github · WORKING POC
by devianntsec · python · local
https://github.com/devianntsec/CVE-2024-51324

This repository contains a functional exploit for CVE-2024-51324, a BYOVD vulnerability in Baidu Antivirus's kernel driver `BdApiUtil64.sys`. The exploit demonstrates process termination, arbitrary file deletion, and in-use file deletion via IOCTL primitives, with detailed technical analysis and operational modes for scanning, loading, killing, and cleanup.

Classification
Working Poc 95%
Attack Type
LPE
Complexity
Moderate
Reliability
Reliable
Target: Baidu Antivirus v5.2.3.116083 (BdApiUtil64.sys)
Auth required
Prerequisites: Windows 10/11 · Python 3.6+ · BdApiUtil64.sys driver · Administrator privileges for loading/cleanup
devstral-2 · analyzed Apr 28, 2026
nomisec · WORKING POC
by devianntsec · poc
https://github.com/devianntsec/CVE-2024-51324-BYOVD-Masters-Thesis

This repository contains a functional exploit for CVE-2024-51324, a BYOVD vulnerability in Baidu Antivirus's BdApiUtil64.sys driver. The exploit allows arbitrary process termination via an exposed IOCTL handler, with detailed documentation and operational modes for scanning, loading, killing, and cleanup.

Classification
Working Poc 95%
Attack Type
LPE
Complexity
Moderate
Reliability
Reliable
Target: Baidu Antivirus 7.0.0.51176 and earlier
No auth needed for the IOCTL once the driver is loaded; loading it requires administrator privileges
Prerequisites: Windows 10/11 · Python 3.6+ · BdApiUtil64.sys driver binary · Administrator privileges for loading/cleanup
devstral-2 · analyzed Apr 09, 2026

Scores

CVSS v3 3.8
EPSS 0.0047
EPSS Percentile 36.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2025-09-17
Ransomware Use Confirmed
CWE
CWE-269
Status published
Published Feb 11, 2025
Tracked Since Feb 18, 2026