CVE-2023-2873

24.05.2023, 18:15

A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDB	CNA	5.3 MEDIUM				CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 27%

Vendor	Product	Version
filseclab	twister_antivirus	8.0 ≤ 𝑥 ≤ 8.17

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

References

https://drive.google.com/file/d/1ABRMxr6Ek02P_WAXjyYLGQ4sHYMVQTka/view?usp=sharing

https://github.com/zeze-zeze/WindowsKernelVuln/blob/master/CVE-2023-2873

https://vuldb.com/?ctiid.229852

https://vuldb.com/?id.229852

https://drive.google.com/file/d/1ABRMxr6Ek02P_WAXjyYLGQ4sHYMVQTka/view?usp=sharing

https://github.com/zeze-zeze/WindowsKernelVuln/blob/master/CVE-2023-2873

https://vuldb.com/?ctiid.229852

https://vuldb.com/?id.229852