CVE-2023-1490

Published: Mar 18, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Affected by this issue is the function 0x220020 in the library SDActMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223376.

Affected (1)

Products: Maxpcsecure: Anti Virus Plus

1 product

Anti Virus Plus

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Maxpcsecure Anti Virus Plus	Version 19.0.2.1

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

https://drive.google.com/file/d/1PmzG42vFkqpwfgTG0KACzyH8oA7OddWG/view

Source: cna@vuldb.com

Exploit

https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1490

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.223376

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.223376

Source: cna@vuldb.com

Third Party Advisory

https://drive.google.com/file/d/1PmzG42vFkqpwfgTG0KACzyH8oA7OddWG/view

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1490

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://vuldb.com/?ctiid.223376

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.223376

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.