Online Armor < 3.5.0.12 - 'OAmon.sys' Local Privilege Escalation

EDB-ID:

8875


Platform:

Windows

Published:

2009-06-04

////////////////////////////////////////////////////////////////////////////////////
// +----------------------------------------------------------------------------+ //
// |                                                                            | //
// | Tall Emu Pty Ltd - http://www.tallemu.com/                                 | //
// |                                                                            | //
// | Affected Software:                                                         | //
// | Online Armor Personal Firewall v3.5 < 3.5.0.12                             | //
// | Online Armor Personal Firewall AV+ < 3.5.0.12                              | //
// |                                                                            | //
// | Affected Driver:                                                           | //
// | TDI Helper Driver - OAmon.sys <= 3.1.0.0                                   | //
// |                                                                            | //
// | Local Privilege Escalation Exploit                                         | //
// | For Educational Purposes Only !                                            | //
// |                                                                            | //
// +----------------------------------------------------------------------------+ //
// |                                                                            | //
// | NT Internals - http://www.ntinternals.org/                                 | //
// | alex ntinternals org                                                       | //
// | 25 May 2009                                                                | //
// |                                                                            | //
// | References:                                                                | //
// | Online Armor (OAmon.sys) Multiple Privilege Escalation Vulnerabilities     | //
// | NTIADV0806 - http://www.ntinternals.org/ntiadv0806/ntiadv0806.html         | //
// |                                                                            | //
// | Exploiting Common Flaws in Drivers                                         | //
// | Ruben Santamarta - http://www.reversemode.com/                             | //
// |                                                                            | //
// +----------------------------------------------------------------------------+ //
////////////////////////////////////////////////////////////////////////////////////

Exploit:
http://ntinternals.org/ntiadv0806/OAmon_Exp.zip
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/8875.zip (2009-OAmon_Exp.zip)

Advisory:
http://www.ntinternals.org/ntiadv0806/ntiadv0806.html

# milw0rm.com [2009-06-04]