ISS For Business 14.0.1400.2029 Blue Screen Of Death

In MicroWorld eScan Internet Security Suite (ISS) for Business version 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD).


MD5 | e43f0732680669dac8762679657968d3

=====[ Tempest Security Intelligence - ADV-24/2018 ]===

eScan ISS for Business v14.0.1400.2029 - BSOD through of a IOCTL
Author: Filipe Xavier Oliveira
Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of Contents
]=====================================================

* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References

=====[ Overview
]==============================================================

* System affected : eScan ISS for Business[1].
* Software Version : 14.0.1400.2029 (other versions may also be affected).
* Impact : A user may be affected by opening a malicious executable,

=====[ Detailed description
]==================================================

In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys
allows a non-privileged user to send a 0x830020E0 IOCTL request to
\\.\econceal to cause a denial of service (BSOD).

=====[ Aggravating factors ]===================================================

A malicious executable can cause a bsod on the system through the driver from antivirus.

=====[ Timeline of disclosure
]===============================================

04/17/2018 - Vulnerability reported.
04/21/2018 - The vendor receive and will check the vulnerability.

07/12/2018 - The vendor did not respond.

07/12/2018 - CVE assigned [2]

=====[ Thanks & Acknowledgements
]============================================

- Tempest Security Intelligence / Tempest's Pentest Team [3]

=====[ References
]===========================================================

[1] https://www.escanav.com/en/windows-antivirus/corporate-edition-with-hybrid.asp

[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10098
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10018>

[3] http://www.tempest.com.br <http://www.tempest.com.br/>

=====[ EOF
]====================================================================

--
Filipe Oliveira
Tempest Security Intelligence




Related Posts