Advisory NTIADV0902 (Accelerated Disclosure)
RISING Antivirus 2008/2009/2010 Privilege Escalation Vulnerability
Vendor: Beijing Rising International Software Co.,Ltd.
Affected Software: RISING Antivirus 2008/2009/2010
Affected Driver: RsNTGDI - RsNTGdi.sys
Date Reported: 2009-04-20
Release Date: 2010-01-23
Status: Not fixed
Exploit: RsNTGdi_Exp.zip - Local Privilege Escalation Exploit
Disclosure Timeline:
2009-04-20 - Vulnerability reported to vendor
2009-04-21 - Vendor response
2010-01-23 - Full technical details released to general public
Description
The kernel module (RsNTGdi.sys) shipped with RISING Antivirus 2008/2009/2010 contains multiple vulnerabilities in the code that handles IOCTL requests. Local exploitation of these vulnerabilities allows an attacker to execute arbitrary code in kernel context. Any user can obtain a handle to the unprotected device "\\Device\\RSNTGDI" and reach the vulnerable IOCTL-handling function.
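A host inventory check for the affected driver, added here as an example and not part of the original advisory. Only the file name RsNTGdi.sys comes from the advisory; the function name Find-AdvisoryDriver and the output field names are hypothetical.

```powershell
# Added example: reports whether the driver file named in the advisory is
# registered as a kernel driver or present on disk. It does not test for the flaw.
function Find-AdvisoryDriver {
    param([string]$DriverFile = 'RsNTGdi.sys')   # file name taken from the advisory

    $found = @()

    # 1. Kernel drivers registered with the Service Control Manager (running or stopped).
    $registered = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*\$DriverFile" }
    foreach ($drv in $registered) {
        # PathName may carry an NT-style prefix; normalise it to a Win32 path.
        $path = $drv.PathName
        if ($path.StartsWith('\??\')) { $path = $path.Substring(4) }
        if ($path -like '\SystemRoot\*') { $path = Join-Path $env:SystemRoot $path.Substring(12) }
        $found += [pscustomobject]@{
            Source = 'service'; Name = $drv.Name; State = $drv.State
            StartMode = $drv.StartMode; Path = $path
        }
    }

    # 2. A copy in the drivers directory that is not (or no longer) registered.
    $dir = Join-Path $env:SystemRoot 'System32\drivers'
    Get-ChildItem -Path $dir -Filter $DriverFile -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($found.Path -notcontains $_.FullName) {
                $found += [pscustomobject]@{
                    Source = 'file'; Name = $_.BaseName; State = 'not registered'
                    StartMode = $null; Path = $_.FullName
                }
            }
        }

    # 3. Add file version and hash so results can be compared across hosts.
    foreach ($f in $found) {
        if (Test-Path -LiteralPath $f.Path) {
            $ver  = (Get-Item -LiteralPath $f.Path).VersionInfo.FileVersion
            $hash = (Get-FileHash -LiteralPath $f.Path -Algorithm SHA256).Hash
            $f | Add-Member -MemberType NoteProperty -Name FileVersion -Value $ver
            $f | Add-Member -MemberType NoteProperty -Name SHA256 -Value $hash
        }
        $f
    }
}

Find-AdvisoryDriver | Format-List
```

An entry with State "Running" means the driver is loaded on that host; since the advisory lists the status as not fixed, the file version alone does not indicate a patched build.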