Published: 11/10/2023 Updated: 17/05/2024

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 0

An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local malicious user to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by Microsoft itself."

Vulnerable Product	Search on Vulmon	Subscribe to Product
echo anti cheat tool

CVE-2023-38817 A PoC and writeup on vulnerabilties discovered in echoac's driver CVE Info Number: CVE-2023-38817 Vendor: Inspect Element Ltd (13017981), trading as Echo Affected Products: echoac AntiCheat scanner tool Affected Versions: echoac - <5210, echo_driversys - All shipped versions Affected operating systems: 64Bit versions of Windows from; Windo

Hi Vigilant Signing mode was enabled on the 28th of July, 2023 Previously Unverified commits can be reasonably assumed as created by me Future commits will be marked as Verified CVEs CVE-2023-38817 | ioctlfail/echo-ac-writeup/

📟 a tiny little code offers kernel-mode read / write using vulnerable signed kernel driver.

kur A code simply offers the ability to kernel-mode read / write memory from user-mode using vulnerable signed driver Since t's just utilizing MmCopyVirtualMemory, which is undocumented yet one of the most common API, in kernel mode so you can read / write any user-mode memory without having to worry about the protection the memory page has Besides that, it has a functio

CWE-269 https://ioctl.fail/echo-ac-writeup/https://nvd.nist.gov https://github.com/kite03/echoac-poc https://github.com/pseuxide/kur

CVE-2023-38817

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect