VAR-201004-0514

Vulnerability from variot - Updated: 2022-05-17 02:09

Rising is a well-known anti-virus software vendor in China. The RsAssist.sys driver used by Rising Antivirus 2010 does not properly handle IOCTL requests, and local users can execute arbitrary kernel mode code by running malicious programs. Rising Antivirus 2010 is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to execute arbitrary code with superuser privileges and completely compromise the affected computer. Failed exploit attempts will result in a denial-of-service condition. The issue affects Rising Antivirus 2010 versions prior to 22.0.3.54.

TITLE: Rising Antivirus 2010 RsAssist.sys Privilege Escalation Vulnerability

SECUNIA ADVISORY ID: SA39557

VERIFY ADVISORY: http://secunia.com/advisories/39557/

DESCRIPTION: A vulnerability has been reported in Rising Antivirus 2010, which can be exploited by malicious, local users to potentially gain escalated privileges.

The vulnerability is caused due to an error in the RsAssist.sys driver when handling IOCTLs. This can be exploited to potentially execute arbitrary code in kernel space via a specially crafted IOCTL.

SOLUTION: Update to version 22.0.3.54 or later.

PROVIDED AND/OR DISCOVERED BY: NT Internals

ORIGINAL ADVISORY: NT Internals: http://www.ntinternals.org/ntiadv1001/ntiadv1001.html



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201004-0514",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 0.6,
        "vendor": "no",
        "version": null
      },
      {
        "model": "antivirus international rising antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rising",
        "version": "201022.0.3"
      },
      {
        "model": "antivirus international rising antivirus",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rising",
        "version": "201022.0.354"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0692"
      },
      {
        "db": "BID",
        "id": "39627"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NT Internals",
    "sources": [
      {
        "db": "BID",
        "id": "39627"
      }
    ],
    "trust": 0.3
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rising is a well-known anti-virus software vendor in China. The RsAssist.sys driver used by Rising Antivirus 2010 does not properly handle IOCTL requests, and local users can execute arbitrary kernel mode code by running malicious programs. Rising Antivirus 2010 is prone to a local privilege-escalation vulnerability. \nLocal attackers can exploit this issue to execute arbitrary code with superuser privileges and completely compromise the affected computer. Failed exploit attempts will result in a denial-of-service condition. \nThe issue affects Rising Antivirus 2010 versions prior to 22.0.3.54. ----------------------------------------------------------------------\n\n\n  Secunia CSI\n+ Microsoft SCCM\n-----------------------\n= Extensive Patch Management\n\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nRising Antivirus 2010 RsAssist.sys Privilege Escalation Vulnerability\n\nSECUNIA ADVISORY ID:\nSA39557\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/39557/\n\nDESCRIPTION:\nA vulnerability has been reported in Rising Antivirus 2010, which can\nbe exploited by malicious, local users to potentially gain escalated\nprivileges. \n\nThe vulnerability is caused due to an error in the RsAssist.sys\ndriver when handling IOCTLs. This can be exploited to potentially\nexecute arbitrary code in kernel space via a specially crafted\nIOCTL. \n\nSOLUTION:\nUpdate to version 22.0.3.54 or later. \n\nPROVIDED AND/OR DISCOVERED BY:\nNT Internals\n\nORIGINAL ADVISORY:\nNT Internals:\nhttp://www.ntinternals.org/ntiadv1001/ntiadv1001.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0692"
      },
      {
        "db": "BID",
        "id": "39627"
      },
      {
        "db": "PACKETSTORM",
        "id": "88802"
      }
    ],
    "trust": 0.9
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "39627",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "39557",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-0692",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "88802",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0692"
      },
      {
        "db": "BID",
        "id": "39627"
      },
      {
        "db": "PACKETSTORM",
        "id": "88802"
      }
    ]
  },
  "id": "VAR-201004-0514",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0692"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0692"
      }
    ]
  },
  "last_update_date": "2022-05-17T02:09:18.266000Z",
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.7,
        "url": "http://secunia.com/advisories/39557/"
      },
      {
        "trust": 0.4,
        "url": "http://www.ntinternals.org/ntiadv1001/ntiadv1001.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.rising-global.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0692"
      },
      {
        "db": "BID",
        "id": "39627"
      },
      {
        "db": "PACKETSTORM",
        "id": "88802"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0692"
      },
      {
        "db": "BID",
        "id": "39627"
      },
      {
        "db": "PACKETSTORM",
        "id": "88802"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-04-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-0692"
      },
      {
        "date": "2010-04-22T00:00:00",
        "db": "BID",
        "id": "39627"
      },
      {
        "date": "2010-04-22T06:51:27",
        "db": "PACKETSTORM",
        "id": "88802"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-04-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-0692"
      },
      {
        "date": "2010-04-22T00:00:00",
        "db": "BID",
        "id": "39627"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "39627"
      },
      {
        "db": "PACKETSTORM",
        "id": "88802"
      }
    ],
    "trust": 0.4
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rising Antivirus 2010 RsAssist.sys Driver Local Privilege Escalation Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-0692"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "39627"
      }
    ],
    "trust": 0.3
  }
}

