Severity: High
- Zemana AntiMalware (`zamguard64.sys`, `zamguard32.sys`) v. <= 3.2.28
- Zemana AntiLogger (`zam64.sys`, `zam32.sys`) v. <= 2.74.204.664

are affected by an Incorrect Access Control vulnerability where IOCTLs `0x80002014` and `0x80002018` respectively grant unrestricted disk read/write capabilities. A non-privileged user can open a handle to the `\\.\ZemanaAntiMalware` device, register within the driver using IOCTL `0x80002010` and send the IOCTLs mentioned above to disclose sensitive files on the system or escalate privileges by overwriting the boot sector or critical code in the pagefile.
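
A defensive inventory check for the driver files and version bounds listed above, as an added example that is not part of the original advisory. The `host,image_path,version` input format and the sample rows are constructed, and the code assumes the version recorded in the inventory is comparable to the advisory's version bounds.

```python
import ntpath

# Affected driver file names and highest affected version, taken from the advisory text.
# Assumption: the version recorded in the inventory is comparable to these bounds.
AFFECTED = {
    "zamguard64.sys": "3.2.28",
    "zamguard32.sys": "3.2.28",
    "zam64.sys": "2.74.204.664",
    "zam32.sys": "2.74.204.664",
}

def parse_version(text):
    """Turn '3.2.28' into (3, 2, 28, 0) so versions of different lengths compare correctly."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(image_path, version):
    """True when the driver file name is listed and its version is <= the affected bound."""
    name = ntpath.basename(image_path).lower()
    bound = AFFECTED.get(name)
    if bound is None:
        return False
    try:
        return parse_version(version) <= parse_version(bound)
    except ValueError:
        # Unparseable version on a listed driver: report it for manual review.
        return True

def find_affected(inventory_lines):
    """Each line is 'host,image_path,version' (constructed format for this example)."""
    hits = []
    for line in filter(str.strip, inventory_lines):
        host, image_path, version = [f.strip() for f in line.split(",", 2)]
        if is_affected(image_path, version):
            hits.append((host, ntpath.basename(image_path).lower(), version))
    return hits

# Constructed sample inventory (not real hosts or real scan output).
SAMPLE = [
    r"ws-01,C:\Windows\System32\drivers\zamguard64.sys,3.2.28",
    r"ws-02,C:\Windows\System32\drivers\ZAM64.SYS,2.74.204.150",
    r"ws-03,C:\Windows\System32\drivers\zamguard64.sys,3.2.29",
    r"ws-04,C:\Windows\System32\drivers\tcpip.sys,10.0.19041.1",
]

if __name__ == "__main__":
    print(find_affected(SAMPLE))
```

A listed driver whose version string cannot be parsed is reported rather than skipped, so it gets a manual look.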