SUPERAntiSpyware Pro X - API manipulation
Discovered by

Offensive Team, Fluid Attacks
Summary
Full name
SUPERAntiSpyware Pro X v10.0.1260 - Kernel-level API parameters manipulation
Code name
State
Public
Release date
29 Jan 2024
Affected product
SUPERAntiSpyware Pro X
Vendor
SUPERAntiSpyware
Affected version(s)
Version 10.0.1260
Vulnerability name
Kernel-level API parameters manipulation
Vulnerability type
Remotely exploitable
No
CVSS v3.1 vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVSS v3.1 base score
6.6
Exploit available
Yes
CVE ID(s)
Description
SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service, both triggered through the 0x9C402140 IOCTL code of the saskutil64.sys driver.
Vulnerability
The 0x9C402140 IOCTL code of the saskutil64.sys driver allows a local attacker to manipulate the parameters of the IoGetDeviceObjectPointer and IoBuildSynchronousFsdRequest kernel-level APIs, leading to DoS when an invalid Device Object is passed to IoGetDeviceObjectPointer. The primitive can be further abused to create arbitrary IRPs to perform driver-to-driver calls.
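For triage, the IOCTL code named above can be decoded with the standard Windows CTL_CODE bit layout to see which checks the I/O manager applies before the driver's handler runs. This is an added example, not code from the advisory or the vendor; the type and helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* CTL_CODE layout: (DeviceType << 16) | (Access << 14) | (Function << 2) | Method */
typedef struct {
    uint16_t device_type;  /* bits 31..16 */
    uint8_t  access;       /* bits 15..14 */
    uint16_t function;     /* bits 13..2  */
    uint8_t  method;       /* bits 1..0   */
} ioctl_fields;            /* hypothetical helper type, not a WDK structure */

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = (uint16_t)(code >> 16);
    f.access      = (uint8_t)((code >> 14) & 0x3);
    f.function    = (uint16_t)((code >> 2) & 0xFFF);
    f.method      = (uint8_t)(code & 0x3);
    return f;
}

const char *method_name(uint8_t m) {
    static const char *n[] = { "METHOD_BUFFERED", "METHOD_IN_DIRECT",
                               "METHOD_OUT_DIRECT", "METHOD_NEITHER" };
    return n[m & 0x3];
}

const char *access_name(uint8_t a) {
    static const char *n[] = { "FILE_ANY_ACCESS", "FILE_READ_ACCESS",
                               "FILE_WRITE_ACCESS", "FILE_READ_ACCESS|FILE_WRITE_ACCESS" };
    return n[a & 0x3];
}

/* FILE_ANY_ACCESS: the I/O manager accepts the request on any open handle,
 * so the device ACL and the handler's own validation are the only gates. */
int any_handle_may_send(ioctl_fields f) { return f.access == 0; }

/* Device types >= 0x8000 and function codes >= 0x800 are vendor-defined. */
int is_vendor_defined(ioctl_fields f) {
    return f.device_type >= 0x8000 && f.function >= 0x800;
}

int main(void) {
    ioctl_fields f = decode_ioctl(0x9C402140u);  /* IOCTL named in the advisory */
    printf("device=0x%04X function=0x%03X %s %s\n",
           f.device_type, f.function, method_name(f.method), access_name(f.access));
    printf("any handle may send: %d, vendor-defined: %d\n",
           any_handle_may_send(f), is_vendor_defined(f));
    return 0;
}
```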
The decompiled pseudo-code of the affected function is this:
When an attacker performs a request to the affected IOCTL, some parameters of [1] and [2] can be influenced.
Snippet of the Proof-of-Concept:
The resulting kernel-level API calls are:
Our security policy
We have reserved the ID CVE-2024-0788 to refer to this issue from now on.
System Information
Version: SUPERAntiSpyware Pro X v10.0.1260
Operating System: Windows
Mitigation
There is currently no patch available for this vulnerability.
References
Vendor page https://www.superantispyware.com/
Product page https://www.superantispyware.com/professional-x-edition.html
Timeline
22 Jan 2024
Vulnerability discovered
22 Jan 2024
Vendor contacted
29 Jan 2024
Public disclosure