CVE-2023-1008 - OpenCVE

A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:S/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Filseclab	Twister Antivirus

Configuration 1 [-]

cpe:2.3:a:filseclab:twister_antivirus:8.17:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://drive.google.com/file/d/1fdQWJ1uvXELnXnDm2Jk81bA0fwwqQCpY/view?usp=sharing
https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1008
https://vuldb.com/?ctiid.221741
https://vuldb.com/?id.221741

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-02-24T10:24:01.015Z

Updated: 2024-08-02T05:32:46.252Z

Reserved: 2023-02-24T10:23:10.430Z

Link: CVE-2023-1008

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-24T11:15:10.910

Modified: 2024-05-17T02:17:44.310

Link: CVE-2023-1008

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1008", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-02-24T10:23:10.430Z", "datePublished": "2023-02-24T10:24:01.015Z", "dateUpdated": "2024-08-02T05:32:46.252Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-20T22:05:17.296Z"}, "title": "Twister Antivirus IoControlCode filmfd.sys 0x801120E4 denial of service", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "CWE-404 Denial of Service"}]}], "affected": [{"vendor": "Twister", "product": "Antivirus", "versions": [{"version": "8.17", "status": "affected"}], "modules": ["IoControlCode Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability."}, {"lang": "de", "value": "Eine Schwachstelle wurde in Twister Antivirus 8.17 ausgemacht. Sie wurde als problematisch eingestuft. Es geht hierbei um die Funktion 0x801120E4 in der Bibliothek filmfd.sys der Komponente IoControlCode Handler. Durch die Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C"}}], "timeline": [{"time": "2023-02-24T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-02-24T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-02-24T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-03-26T09:33:49.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Zeze7w (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.221741", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.221741", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1008", "tags": ["related"]}, {"url": "https://drive.google.com/file/d/1fdQWJ1uvXELnXnDm2Jk81bA0fwwqQCpY/view?usp=sharing", "tags": ["exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:32:46.252Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.221741", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.221741", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1008", "tags": ["related", "x_transferred"]}, {"url": "https://drive.google.com/file/d/1fdQWJ1uvXELnXnDm2Jk81bA0fwwqQCpY/view?usp=sharing", "tags": ["exploit", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:filseclab:twister_antivirus:8.17:*:*:*:*:*:*:*", "matchCriteriaId": "C900E994-BE87-4417-808D-42DEBF93920A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability."}], "id": "CVE-2023-1008", "lastModified": "2024-05-17T02:17:44.310", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 4.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-02-24T11:15:10.910", "references": [{"source": "cna@vuldb.com", "tags": ["Broken Link"], "url": "https://drive.google.com/file/d/1fdQWJ1uvXELnXnDm2Jk81bA0fwwqQCpY/view?usp=sharing"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1008"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.221741"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.221741"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Primary"}]}