Severity: High

  • Zemana AntiMalware (zamguard64.sys, zamguard32.sys) v. <= 3.2.28
  • Zemana AntiLogger (zam64.sys, zam32.sys) v. <=

are affected by an Incorrect Access Control vulnerability where IOCTLs 0x80002014 and 0x80002018 respectively grant unrestricted disk read/write capabilities. A non-privileged user can open a handle to the \\.\ZemanaAntiMalware device, register within the driver using IOCTL 0x80002010 and send the IOCTLs mentioned above to disclose sensitive files on the system or escalate privileges by overwriting the boot sector or critical code in the pagefile.
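
A defender-side inventory check for the driver files named above, added here as an example; it is not part of the original advisory or any vendor code. It assumes the drivers are installed under %SystemRoot%\System32\drivers and that the file version resource tracks the product version quoted above; Get-ThreePartVersion is a hypothetical helper.

```powershell
# Assumptions (not from the advisory): the drivers live under
# %SystemRoot%\System32\drivers and the file version resource tracks the
# product version the advisory quotes.
$driversDir = Join-Path $env:SystemRoot 'System32\drivers'

# File names and the version bound come from the advisory. The AntiLogger bound
# is missing there, so those files are reported on presence alone.
$targets = @(
    @{ Product = 'Zemana AntiMalware'; Files = 'zamguard64.sys', 'zamguard32.sys'; MaxAffected = [version]'3.2.28' }
    @{ Product = 'Zemana AntiLogger';  Files = 'zam64.sys', 'zam32.sys';           MaxAffected = $null }
)

# Hypothetical helper: build the version from numeric parts, because the
# FileVersion string is free-form text. A file without a version resource
# yields 0.0.0 and is therefore reported as affected.
function Get-ThreePartVersion {
    param([System.Diagnostics.FileVersionInfo]$Info)
    [version]::new($Info.FileMajorPart, $Info.FileMinorPart, $Info.FileBuildPart)
}

$findings = foreach ($t in $targets) {
    foreach ($name in $t.Files) {
        $path = Join-Path $driversDir $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

        $ver = Get-ThreePartVersion (Get-Item -LiteralPath $path).VersionInfo
        $status = if ($null -eq $t.MaxAffected) {
            'Present (affected range not given in advisory; review manually)'
        } elseif ($ver -le $t.MaxAffected) {
            'Affected'
        } else {
            'Newer than affected range'
        }

        [pscustomobject]@{
            Product = $t.Product
            File    = $path
            Version = $ver
            Status  = $status
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No driver files named in the advisory found under $driversDir"
}
```

Run it from a 64-bit PowerShell session on 64-bit Windows; a 32-bit session is redirected away from System32 and will not see the 64-bit driver files.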