Twister Antivirus v8.17 - Out-of-bounds Read
Discovered by: Offensive Team, Fluid Attacks
Summary
Full name: Twister Antivirus v8.17 - Out-of-bounds Read
Code name:
State: Public
Release date: Feb 6, 2024
Affected product: Twister Antivirus
Vendor: Filseclab
Affected version(s): Version 8.17
Vulnerability name: Out-of-bounds Read
Vulnerability type:
Remotely exploitable: No
CVSS v3.1 vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CVSS v3.1 base score: 6.1
Exploit available: Yes
CVE ID(s):
Description
Twister Antivirus v8.17 contains an out-of-bounds read that is triggered through the 0x801120B8 IOCTL code of the filmfd.sys driver.
Vulnerability
The 0x801120B8 IOCTL code of the filmfd.sys driver allows an out-of-bounds read of a page that is allocated next to the vulnerable buffer. When a 0x801120B8 IOCTL request is issued with a NULL lpInBuffer and a short lpOutBuffer, the out-of-bounds read occurs at filmfd+0xf3f8 when trying to dereference 0x420 bytes from the lpOutBuffer buffer, which is controlled by the user. This leads to a Denial of Service if the dereferenced address contains invalid memory. If the attacker can control the allocation of objects adjacent to the vulnerable buffer, this may be upgraded to a more powerful primitive.
The resulting debugging session is the following:
Our security policy
We have reserved the ID CVE-2024-1140 to refer to this issue from now on.
System Information
Version: Twister Antivirus v8.17
Operating System: Windows
Mitigation
There is currently no patch available for this vulnerability.
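The length validation that rules out this class of read, as an added example (a user-mode C model, not the vendor's driver code and not part of the original advisory): the handler rejects any request whose output buffer is shorter than the 0x420 bytes it goes on to read. The struct, status values and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IOCTL_CODE   0x801120B8u /* IOCTL code named in the advisory */
#define REQUIRED_LEN 0x420u      /* bytes read from the buffer, per the advisory */

/* Hypothetical status codes for this model (not real NTSTATUS values). */
enum { ST_OK, ST_INVALID_PARAMETER, ST_BUFFER_TOO_SMALL };

/* Hypothetical stand-in for the request fields a dispatch routine receives. */
struct ioctl_req {
    uint32_t code;
    const uint8_t *in_buf;  size_t in_len;   /* lpInBuffer / nInBufferSize */
    const uint8_t *out_buf; size_t out_len;  /* lpOutBuffer / nOutBufferSize */
};

/* Validate the caller-declared length before touching the buffer, so the
 * fixed-size read can never run past the end of the allocation. */
static int handle_ioctl(const struct ioctl_req *r, uint8_t record[REQUIRED_LEN])
{
    if (r->code != IOCTL_CODE)       return ST_INVALID_PARAMETER;
    if (r->out_buf == NULL)          return ST_INVALID_PARAMETER;
    if (r->out_len < REQUIRED_LEN)   return ST_BUFFER_TOO_SMALL;
    memcpy(record, r->out_buf, REQUIRED_LEN); /* all bytes are in bounds here */
    return ST_OK;
}

/* Constructed request: NULL input buffer and an output buffer of out_len bytes. */
static int run_case(size_t out_len)
{
    static uint8_t backing[REQUIRED_LEN];    /* constructed sample buffer */
    uint8_t record[REQUIRED_LEN];
    struct ioctl_req r = { IOCTL_CODE, NULL, 0, backing, out_len };
    if (out_len > sizeof backing) return -1; /* keep the model itself in bounds */
    return handle_ioctl(&r, record);
}

int main(void)
{
    printf("short buffer (8 bytes): %d\n", run_case(8));
    printf("exact buffer (0x420):   %d\n", run_case(REQUIRED_LEN));
    return 0;
}
```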
References
Vendor page http://www.filseclab.com/en-us/index.htm
Product page http://www.filseclab.com/en-us/products/twister.htm
Timeline
Jan 30, 2024: Vulnerability discovered
Jan 30, 2024: Vendor contacted
Feb 6, 2024: Public disclosure