CVE-2010-1591

EUVD-2010-1617
Beijing Rising International Rising Antivirus 2008 through 2010 does not properly validate input to certain IOCTLs, including 0x83003C07, which allows local users to gain privileges via crafted IOCTL requests to the (1) HookCont.sys, (2) HookNtos.sys, (3) HOOKREG.sys, or (4) HookSys.sys device driver; or the (5) RsNTGdi.sys kernel module, reachable through \Device\RSNTGDI.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Common Weakness Enumeration
References
http://osvdb.org/61946
http://secunia.com/advisories/38335
http://www.ntinternals.org/ntiadv0805/ntiadv0805.html
http://www.ntinternals.org/ntiadv0902/ntiadv0902.html
http://www.securityfocus.com/bid/37951
http://www.vupen.com/english/advisories/2010/0218
https://exchange.xforce.ibmcloud.com/vulnerabilities/55869
http://osvdb.org/61946
http://secunia.com/advisories/38335
http://www.ntinternals.org/ntiadv0805/ntiadv0805.html
http://www.ntinternals.org/ntiadv0902/ntiadv0902.html
http://www.securityfocus.com/bid/37951
http://www.vupen.com/english/advisories/2010/0218
https://exchange.xforce.ibmcloud.com/vulnerabilities/55869