Severity: High
- Zemana AntiMalware (zamguard64.sys, zamguard32.sys) v. <= 3.2.28
- Zemana AntiLogger (zam64.sys, zam32.sys) v. <= 2.74.204.664

are affected by an Incorrect Access Control vulnerability where IOCTL 0x8000204C allows a non-privileged user to open a handle to any privileged process running on the machine. A non-privileged user can open a handle to the \\.\ZemanaAntiMalware device, register within the driver using IOCTL 0x80002010 and send the IOCTL mentioned above to get a handle to any privileged process. Attackers could exploit this issue by injecting arbitrary code in the context of the privileged process to achieve local privilege escalation in the context of NT AUTHORITY\SYSTEM.
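A host check for the affected driver files and versions listed above, added here as an example; it is not part of the advisory or of any vendor tooling. It assumes the version resource of each .sys file follows the product version numbers in the advisory, and `Resolve-DriverPath` is a helper name made up for this example.

```powershell
# Last affected version per driver file, from the advisory text.
# Assumption: each .sys file's version resource follows the product version.
$affected = @{
    'zamguard64.sys' = [version]'3.2.28'
    'zamguard32.sys' = [version]'3.2.28'
    'zam64.sys'      = [version]'2.74.204.664'
    'zam32.sys'      = [version]'2.74.204.664'
}

# Hypothetical helper: turn the NT-style paths that Win32_SystemDriver can
# report (\??\C:\..., \SystemRoot\..., system32\...) into a Win32 path.
function Resolve-DriverPath {
    param([string]$PathName)
    $p = $PathName.Trim('"') -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "${env:SystemRoot}\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    $p
}

Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
    if (-not $_.PathName) { return }
    $path = Resolve-DriverPath $_.PathName
    $leaf = Split-Path -Path $path -Leaf
    if (-not $affected.ContainsKey($leaf)) { return }

    $limit = $affected[$leaf]
    $file  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    $seen  = if ($file) { $file.VersionInfo.FileVersionRaw } else { $null }

    # Assumption: compare only as many fields as the advisory gives
    # (3.2.28 has three), so that 3.2.28.x still counts as <= 3.2.28.
    $isAffected = $null
    if ($seen) {
        $fields = if ($limit.Revision -ge 0) { 4 } else { 3 }
        $isAffected = ([version]$seen.ToString($fields)) -le $limit
    }

    [pscustomobject]@{
        Service     = $_.Name
        State       = $_.State
        Path        = $path
        FileVersion = $seen
        Affected    = $isAffected   # $null = file not readable, check manually
    }
}
```

The script only reports drivers registered as services; a driver file present on disk but not registered is outside what it checks.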