Advisories

Twister Antivirus v8.17 - DoS

5.5

Medium

5.5

Medium

Discovered by

Andres Roldan

Andres Roldan

Offensive Team, Fluid Attacks

Summary

Full name

Twister Antivirus v8.17 - Denial of Service

Code name

Holiday

State

Public

Release date

Feb 6, 2024

Affected product

Twister Antivirus

Vendor

Filseclab

Affected version(s)

Version 8.17

Vulnerability name

Denial of Service (DoS)

Vulnerability type

002. Asymmetric Denial of Service

Remotely exploitable

No

CVSS v3.0 vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v3.0 base score

5.5

Exploit available

Yes

CVE ID(s)

CVE-2024-1096

Description

Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112067, 0x801120CB 0x801120CC 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL codes of the fildds.sys driver.

Vulnerability

The 0x80112067, 0x801120CB 0x801120CC 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL code of the fildds.sys driver allows to perform a Denial of Service, leading to a BSOD of the affected computer caused by a NULL pointer dereference.

The resulting debugging session when triggering those IOCTLs resemble the following:

rax=0000000000000000 rbx=ffffce8e6d6fa060 rcx=fffff80171540000
rdx=0000000000000000 rsi=0000000000000001 rdi=ffffce8e6ea8f140
rip=fffff80171541994 rsp=fffff0056a289ee0 rbp=0000000000000002
 r8=0000000000000000  r9=0000000000000000 r10=fffff80171542cd0
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=ffffce8e6ea8f140 r15=ffffce8e6dbaada0
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050286
fildds+0x1994:
fffff801`71541994 8b8000040000    mov     eax,dword ptr [rax+400h] ds:002b:00000000`00000400=????????
Resetting default scope

PROCESS_NAME:  IOCTLBruteForce.exe

STACK_TEXT:
fffff005`6a289ee0 fffff801`71542e65     : ffffce8e`80112080 00000000`00000000 ffffce8e`00000000 00000000`00000000 : fildds+0x1994
fffff005`6a28b780 fffff801`6aed1f35     : ffffce8e`6dbaada0 ffffce8e`6d6fa060 fffff005`6a28bb80 00000000`00000001 : fildds+0x2e65
rax=0000000000000000 rbx=ffffce8e6d6fa060 rcx=fffff80171540000
rdx=0000000000000000 rsi=0000000000000001 rdi=ffffce8e6ea8f140
rip=fffff80171541994 rsp=fffff0056a289ee0 rbp=0000000000000002
 r8=0000000000000000  r9=0000000000000000 r10=fffff80171542cd0
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=ffffce8e6ea8f140 r15=ffffce8e6dbaada0
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050286
fildds+0x1994:
fffff801`71541994 8b8000040000    mov     eax,dword ptr [rax+400h] ds:002b:00000000`00000400=????????
Resetting default scope

PROCESS_NAME:  IOCTLBruteForce.exe

STACK_TEXT:
fffff005`6a289ee0 fffff801`71542e65     : ffffce8e`80112080 00000000`00000000 ffffce8e`00000000 00000000`00000000 : fildds+0x1994
fffff005`6a28b780 fffff801`6aed1f35     : ffffce8e`6dbaada0 ffffce8e`6d6fa060 fffff005`6a28bb80 00000000`00000001 : fildds+0x2e65
rax=0000000000000000 rbx=ffffce8e6d6fa060 rcx=fffff80171540000
rdx=0000000000000000 rsi=0000000000000001 rdi=ffffce8e6ea8f140
rip=fffff80171541994 rsp=fffff0056a289ee0 rbp=0000000000000002
 r8=0000000000000000  r9=0000000000000000 r10=fffff80171542cd0
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=ffffce8e6ea8f140 r15=ffffce8e6dbaada0
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050286
fildds+0x1994:
fffff801`71541994 8b8000040000    mov     eax,dword ptr [rax+400h] ds:002b:00000000`00000400=????????
Resetting default scope

PROCESS_NAME:  IOCTLBruteForce.exe

STACK_TEXT:
fffff005`6a289ee0 fffff801`71542e65     : ffffce8e`80112080 00000000`00000000 ffffce8e`00000000 00000000`00000000 : fildds+0x1994
fffff005`6a28b780 fffff801`6aed1f35     : ffffce8e`6dbaada0 ffffce8e`6d6fa060 fffff005`6a28bb80 00000000`00000001 : fildds+0x2e65
rax=0000000000000000 rbx=ffffce8e6d6fa060 rcx=fffff80171540000
rdx=0000000000000000 rsi=0000000000000001 rdi=ffffce8e6ea8f140
rip=fffff80171541994 rsp=fffff0056a289ee0 rbp=0000000000000002
 r8=0000000000000000  r9=0000000000000000 r10=fffff80171542cd0
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=ffffce8e6ea8f140 r15=ffffce8e6dbaada0
iopl=0         nv up ei ng nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050286
fildds+0x1994:
fffff801`71541994 8b8000040000    mov     eax,dword ptr [rax+400h] ds:002b:00000000`00000400=????????
Resetting default scope

PROCESS_NAME:  IOCTLBruteForce.exe

STACK_TEXT:
fffff005`6a289ee0 fffff801`71542e65     : ffffce8e`80112080 00000000`00000000 ffffce8e`00000000 00000000`00000000 : fildds+0x1994
fffff005`6a28b780 fffff801`6aed1f35     : ffffce8e`6dbaada0 ffffce8e`6d6fa060 fffff005`6a28bb80 00000000`00000001 : fildds+0x2e65

Our security policy

We have reserved the ID CVE-2024-1096 to refer to this issue from now on.

Disclosure policy

System Information

  • Version: Twister Antivirus v8.17

  • Operating System: Windows

Mitigation

There is currently no patch available for this vulnerability.

References

Credits

The vulnerability was discovered by Andres Roldan from Fluid Attacks' Offensive Team.

Timeline

Feb 2, 2024

Vulnerability discovered

Feb 2, 2024

Vendor contacted

Feb 6, 2024

Public disclosure

Does your application use this vulnerable software?

During our free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

Start free trial

Start free trial

Start free trial

Start free trial

Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.

Get an AI summary of Fluid Attacks

Products

Platform

SAST

SCA

DAST

AI SAST

PTaaS

Secure code review

Reverse engineering

Integrations

Solutions

Continuous Hacking

AppSec

ACSA

ASPM

AI security

RBVM

SSCS

Compliance

DevSecOps

Targets

Web applications

Mobile applications

APIs and microservices

Infrastructure as code

LLM apps and GenAI

Company

About us

Customers

Certifications

Partners

Careers

Trust center

Resources

Advisories

Blog

Success stories

Downloadables

Cybersecurity essentials

Events

Documentation

Courses on our platform

Tool benchmark

Subscribe to our newsletter

Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.

Subscribe

SOC 2 Type II

SOC 3

© 2026 Fluid Attacks. We hack your software.

Terms of use

Privacy policy

System status

Cookie policy

Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.

Products

Platform

SAST

SCA

DAST

AI SAST

PTaaS

Secure code review

Reverse engineering

Integrations

Solutions

Continuous Hacking

AppSec

ACSA

ASPM

AI security

RBVM

SSCS

Compliance

DevSecOps

Targets

Web applications

Mobile applications

APIs and microservices

Infrastructure as code

LLM apps and GenAI

Company

About us

Customers

Certifications

Partners

Careers

Trust center

Resources

Advisories

Blog

Success stories

Downloadables

Cybersecurity essentials

Events

Documentation

Courses on our platform

Tool benchmark

Subscribe to our newsletter

Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.

Subscribe

Get an AI summary of Fluid Attacks

SOC 2 Type II

SOC 3

© 2026 Fluid Attacks. We hack your software.

Terms of use

Privacy policy

System status

Cookie policy

Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.

Products

Platform

SAST

SCA

DAST

AI SAST

PTaaS

Secure code review

Reverse engineering

Integrations

Solutions

Continuous Hacking

AppSec

ACSA

ASPM

AI security

RBVM

SSCS

Compliance

DevSecOps

Targets

Web applications

Mobile applications

APIs and microservices

Infrastructure as code

LLM apps and GenAI

Company

About us

Customers

Certifications

Partners

Careers

Trust center

Resources

Advisories

Blog

Success stories

Downloadables

Cybersecurity essentials

Events

Documentation

Courses on our platform

Tool benchmark

Subscribe to our newsletter

Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.

Subscribe

Get an AI summary of Fluid Attacks

SOC 2 Type II

SOC 3

© 2026 Fluid Attacks. We hack your software.

Terms of use

Privacy policy

System status

Cookie policy

Meet us at RSA Conference™ 2026 at booth N-4614! Book a demo on-site.

Plans

Advisories

EN

Contact sales

Log in

Try for free

Meet us at RSA Conference™ 2026 at booth N-4614! Book a demo on-site.

EN

Contact sales

Try for free

Meet us at RSA Conference™ 2026 at booth N-4614! Book a demo on-site.

EN