An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402405 using METHOD_NEITHER results in a read primitive.
References
Link | Resource |
---|---|
https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-04-kyrol-internet-security-invalid-pointer-vulnerability.md | Exploit Third Party Advisory |
https://nafiez.github.io/security/vulnerability/2019/12/04/kyrol-internet-security-invalid-pointer-vulnerability.html | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-01-10 17:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-19820
Mitre link : CVE-2019-19820
CVE.ORG link : CVE-2019-19820
JSON object : View
Products Affected
kyrol
- internet_security
CWE
CWE-763
Release of Invalid Pointer or Reference