SecuritySpace - CVE-2009-1824

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2009-1824

Description: The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and earlier, and ArcaBit 2009 Home Protection 9.4.3204.9 and earlier, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\ps_drv containing arbitrary kernel addresses, as demonstrated using the (1) 0x2A7B802B and possibly (2) 0x2A7B8004 and (3) 0x2A7B802F IOCTLs.

Test IDs: 1.3.6.1.4.1.25623.1.0.800720

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2009-1824
BugTraq ID: 35100
http://www.securityfocus.com/bid/35100
https://www.exploit-db.com/exploits/8782
http://ntinternals.org/ntiadv0814/PsDrv_Exp.zip
http://ntinternals.org/ntiadv0814/ntiadv0814.html
http://secunia.com/advisories/35260
http://www.vupen.com/english/advisories/2009/1428

CVE ID:	CVE-2009-1824
Description:	The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and earlier, and ArcaBit 2009 Home Protection 9.4.3204.9 and earlier, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\ps_drv containing arbitrary kernel addresses, as demonstrated using the (1) 0x2A7B802B and possibly (2) 0x2A7B8004 and (3) 0x2A7B802F IOCTLs.
Test IDs:	1.3.6.1.4.1.25623.1.0.800720
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1824 BugTraq ID: 35100 http://www.securityfocus.com/bid/35100 https://www.exploit-db.com/exploits/8782 http://ntinternals.org/ntiadv0814/PsDrv_Exp.zip http://ntinternals.org/ntiadv0814/ntiadv0814.html http://secunia.com/advisories/35260 http://www.vupen.com/english/advisories/2009/1428