CVE-2019-18845

Published: 09/11/2019 Updated: 18/03/2020
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 321
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB prior to 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.

Vulnerable Product

patriotmemory viper_rgb_firmware 1.0

Github Repositories

Exploit MsIo vulnerable driver

MsIoExploit: Exploit MsIo vulnerable driver. Description: This is a PoC for CVE-2019-18845: MsIo64.sys allowing a non-privileged user to map/unmap arbitrary physical memory via ZwMapViewOfSection / ZwUnmapViewOfSection. If you are interested in abusing physical memory mapping, see project anycall, which has a full implementation of client- and driver-sided functionalities. Allowing non-privile

Also known by Microsoft as Knifecoat 🌶️

Sharp-Suite: The king is dead, long live the king. I am starting a new repo with code samples in C#. My heart is still with PowerShell <3, let's face it, using in-line C# in PowerShell is a much nicer experience than actually using C#! However, threat emulation has to evolve over time and so does the tooling. Pwn? SwampThing: SwampThing lets you spoof process command line