Advisories

Twister Antivirus v8.17 - Out-of-bounds Read

6.1

Medium

6.1

Medium

Discovered by

Andres Roldan

Andres Roldan

Offensive Team, Fluid Attacks

Summary

Full name

Twister Antivirus v8.17 - Out-of-bounds Read

Code name

Fitzgerald

State

Public

Release date

Feb 6, 2024

Affected product

Twister Antivirus

Vendor

Filseclab

Affected version(s)

Version 8.17

Vulnerability name

Out-of-bounds Read

Vulnerability type

111. Out-of-bounds Read

Remotely exploitable

No

CVSS v3.1 vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

CVSS v3.1 base score

6.1

Exploit available

Yes

CVE ID(s)

CVE-2024-1140

Description

Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver.

Vulnerability

The 0x801120B8 IOCTL code of the filmfd.sys driver driver allows to perform a Out-of-bounds read of a page which is allocated next to the vulnerable buffer. When issuing a 0x801120B8 IOCTL request with NULL lpInBuffer and a short lpOutBuffer, the out-of-bounds read occur at filmfd+0xf3f8 when trying to dereference 0x420 bytes from the lpOutBuffer buffer which is controlled by the user. This leads to a Denial of Service if the dereferenced address contains invalid memory. If the attacker can control the allocation of objects adjacent to the vulnerable buffer, this may be upgraded to a more powerful primitive.

The resulting debugging session is the following:

0: kd> bp filmfd+0xf3f8 ".printf \"rax = 0x%p\", @rax; .echo; dps rax+420 L1; .echo; gc"
0: kd> g
rax = 0xffffa28408942640
ffffa284`08942a60  00000000`00000000

rax = 0xffffa2840be6ed00
ffffa284`0be6f120  00000000`00000000

rax = 0xffffa28407da4a40
ffffa284`07da4e60  00000000`00000000

rax = 0xffffa28407ea0d00
ffffa284`07ea1120  ffffa284`0b948158

rax = 0xffffa2840b941d00
ffffa284`0b942120  ????????`????????

KDTARGET: Refreshing KD connection

*** Fatal System Error: 0x00000050
                       (0xFFFFA2840B942120,0x0000000000000000,0xFFFFF800696BF3F8,0x0000000000000002)

Driver at fault:
***    filmfd.sys - Address FFFFF800696BF3F8 base at FFFFF800696B0000, DateStamp 5166646c
.
Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffd40cdd345220, memory referenced.
Arg2: 0000000000000000, X64: bit 0 set if the fault was due to a not-present PTE.
    bit 1 is set if the fault was due to a write, clear if a read.
    bit 3 is set if the processor decided the fault was due to a corrupted PTE.
    bit 4 is set if the fault was due to attempted execute of a no-execute PTE.
    - ARM64: bit 1 is set if the fault was due to a write, clear if a read.
    bit 3 is set if the fault was due to attempted execute of a no-execute PTE.
Arg3: ffffd40cdd344e10, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000002, (reserved)

rax=ffffd40cdd344e00 rbx=0000000000000000 rcx=fffff800712d0000
rdx=ffffd40cdd344e00 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800712df3f8 rsp=ffffee096cc226c0 rbp=0000000000000002
 r8=ffffd40cdd344e10  r9=ffffd40cd9b0ba70 r10=fffff800712dfdd0
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
filmfd+0xf3f8:
fffff800`712df3f8 8b8020040000    mov     eax,dword ptr [rax+420h] ds:ffffd40c`dd345220=????????
Resetting default scope

Our security policy

We have reserved the ID CVE-2024-1140 to refer to this issue from now on.

Disclosure policy

System Information

  • Version: Twister Antivirus v8.17

  • Operating System: Windows

Mitigation

There is currently no patch available for this vulnerability.

References

Timeline

Jan 30, 2024

Vulnerability discovered

Jan 30, 2024

Vendor contacted

Feb 6, 2024

Public disclosure

Does your application use this vulnerable software?

During our free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

Start free trial

Start free trial

Start free trial

Start free trial

Plans

Advisories

EN

Contact sales

Log in

Try for free

EN

Contact sales

Try for free

Plans

Advisories

EN

Contact sales

Log in

Try for free

EN

Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.

Products

Platform

SAST

SCA

DAST

CSPM

PTaaS

Secure code review

Reverse engineering

Solutions

Continuous Hacking

AppSec

Cloud security

ASPM

AI security

RBVM

SSCS

Compliance

DevSecOps

Targets

Web applications

Mobile applications

APIs and microservices

Containers

Infrastructure as code

Cloud infrastructure

LLM apps and GenAI

Company

About us

Clients

Certifications

Partners

Careers

Trust center

Resources

Advisories

Blog

Success stories

Downloadables

Cybersecurity essentials

Events

Documentation

Courses on our platform

Tool benchmark

SOC 2 Type II

SOC 3

Subscribe to our newsletter

Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.

Subscribe

© 2025 Fluid Attacks. We hack your software.

Terms of use

Privacy policy

System status

Cookie policy

Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.

Products

Platform

SAST

SCA

DAST

CSPM

PTaaS

Secure code review

Reverse engineering

Solutions

Continuous Hacking

AppSec

Cloud security

ASPM

AI security

RBVM

SSCS

Compliance

DevSecOps

Targets

Web applications

Mobile applications

APIs and microservices

Containers

Infrastructure as code

Cloud infrastructure

LLM apps and GenAI

Company

About us

Clients

Certifications

Partners

Careers

Trust center

Resources

Advisories

Blog

Success stories

Downloadables

Cybersecurity essentials

Events

Documentation

Courses on our platform

Tool benchmark

SOC 2 Type II

SOC 3

Subscribe to our newsletter

Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.

Subscribe

© 2025 Fluid Attacks. We hack your software.

Terms of use

Privacy policy

System status

Cookie policy

Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.

Products

Platform

SAST

SCA

DAST

CSPM

PTaaS

Secure code review

Reverse engineering

Solutions

Continuous Hacking

AppSec

Cloud security

ASPM

AI security

RBVM

SSCS

Compliance

DevSecOps

Targets

Web applications

Mobile applications

APIs and microservices

Containers

Infrastructure as code

Cloud infrastructure

LLM apps and GenAI

Company

About us

Clients

Certifications

Partners

Careers

Trust center

Resources

Advisories

Blog

Success stories

Downloadables

Cybersecurity essentials

Events

Documentation

Courses on our platform

Tool benchmark

SOC 2 Type II

SOC 3

Subscribe to our newsletter

Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.

Subscribe

© 2025 Fluid Attacks. We hack your software.

Terms of use

Privacy policy

System status

Cookie policy