CVE-2009-1824 (GCVE-0-2009-1824)

Vulnerability from cvelistv5 – Published: 2009-05-29 18:00 – Updated: 2024-08-07 05:27
VLAI?
Summary
The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and earlier, and ArcaBit 2009 Home Protection 9.4.3204.9 and earlier, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\ps_drv containing arbitrary kernel addresses, as demonstrated using the (1) 0x2A7B802B and possibly (2) 0x2A7B8004 and (3) 0x2A7B802F IOCTLs.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2009-05-23 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:27:54.403Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-1428",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1428"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ntinternals.org/ntiadv0814/PsDrv_Exp.zip"
          },
          {
            "name": "35260",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35260"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ntinternals.org/ntiadv0814/ntiadv0814.html"
          },
          {
            "name": "8782",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8782"
          },
          {
            "name": "35100",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35100"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and earlier, and ArcaBit 2009 Home Protection 9.4.3204.9 and earlier, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \\Device\\ps_drv containing arbitrary kernel addresses, as demonstrated using the (1) 0x2A7B802B and possibly (2) 0x2A7B8004 and (3) 0x2A7B802F IOCTLs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2009-1428",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1428"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ntinternals.org/ntiadv0814/PsDrv_Exp.zip"
        },
        {
          "name": "35260",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35260"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ntinternals.org/ntiadv0814/ntiadv0814.html"
        },
        {
          "name": "8782",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8782"
        },
        {
          "name": "35100",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1824",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and earlier, and ArcaBit 2009 Home Protection 9.4.3204.9 and earlier, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \\Device\\ps_drv containing arbitrary kernel addresses, as demonstrated using the (1) 0x2A7B802B and possibly (2) 0x2A7B8004 and (3) 0x2A7B802F IOCTLs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-1428",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1428"
            },
            {
              "name": "http://ntinternals.org/ntiadv0814/PsDrv_Exp.zip",
              "refsource": "MISC",
              "url": "http://ntinternals.org/ntiadv0814/PsDrv_Exp.zip"
            },
            {
              "name": "35260",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35260"
            },
            {
              "name": "http://ntinternals.org/ntiadv0814/ntiadv0814.html",
              "refsource": "MISC",
              "url": "http://ntinternals.org/ntiadv0814/ntiadv0814.html"
            },
            {
              "name": "8782",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8782"
            },
            {
              "name": "35100",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1824",
    "datePublished": "2009-05-29T18:00:00.000Z",
    "dateReserved": "2009-05-29T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:27:54.403Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2009-1824",
      "date": "2026-05-03",
      "epss": "0.00285",
      "percentile": "0.51842"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1824\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-05-29T18:30:00.217\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and earlier, and ArcaBit 2009 Home Protection 9.4.3204.9 and earlier, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \\\\Device\\\\ps_drv containing arbitrary kernel addresses, as demonstrated using the (1) 0x2A7B802B and possibly (2) 0x2A7B8004 and (3) 0x2A7B802F IOCTLs.\"},{\"lang\":\"es\",\"value\":\"El controlador de Kernel ps_drv.sys en ArcaBit ArcaVir 2009 Antivirus Protection v9.4.3201.9 y anteriores, ArcaVir 2009 Internet Security v9.4.3202.9 y anteriores, ArcaVir 2009 System Protection v9.4.3203.9 y anteriores, y ArcaBit 2009 Home Protection v9.4.3204.9 y anteriores, permite a usuarios locales obtener privilegios a trav\u00e9s de una petici\u00f3n METHOD_NEITHER IOCTL manipulada en \\\\Device\\\\ps_drv que contiene direcciones de Kernel arbitrarias, como se ha demostrado utilizando el (1) 0x2A7B802B y posiblemente (2) 0x2A7B8004 y (3) 0x2A7B8004 IOCTLs.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arcabit:arcavir_2009_antivirus_protection:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.4.3201.9\",\"matchCriteriaId\":\"D6FA1FD6-1798-487B-AE30-16B1C8426C7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arcabit:arcavir_2009_home_protection:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.4.3204.9\",\"matchCriteriaId\":\"115CF860-C225-4AFC-ACE5-24A30E591A4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arcabit:arcavir_2009_internet_security:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.4.3202.9\",\"matchCriteriaId\":\"20878584-D85E-4B24-98C3-0ED50D018361\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arcabit:arcavir_2009_system_protection:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.4.3203.9\",\"matchCriteriaId\":\"9C278D41-EA2B-468B-AECE-18771DFF6F9F\"}]}]}],\"references\":[{\"url\":\"http://ntinternals.org/ntiadv0814/PsDrv_Exp.zip\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://ntinternals.org/ntiadv0814/ntiadv0814.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/35260\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/35100\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1428\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/8782\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://ntinternals.org/ntiadv0814/PsDrv_Exp.zip\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://ntinternals.org/ntiadv0814/ntiadv0814.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/35260\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/35100\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1428\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/8782\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.