Zemana AntiLogger v2.74.204.664 - DoS
5,5
Medium
Discovered by
Offensive Team, Fluid Attacks
Summary
Full name
Zemana AntiLogger v2.74.204.664 - Denial of Service (DoS)
Code name
State
Public
Release date
14 mar 2024
Affected product
Zemana AntiLogger
Vendor
Zemana Ltd.
Affected version(s)
Version 2.74.204.664
Vulnerability name
Denial of Service (DoS)
Vulnerability type
Remotely exploitable
No
CVSS v3.0 vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS v3.0 base score
5.5
Exploit available
Yes
CVE ID(s)
Description
Zemana AntiLogger v2.74.204.664 is vulnerable to a Denial of Service (DoS) vulnerability by triggering the 0x80002004 and 0x80002010 IOCTL codes of the zam64.sys and zamguard64.sys drivers.
Vulnerability
The 0x80002004 and 0x80002010 IOCTL codes of the zam64.sys and zamguard64.sys drivers are vulnerable to Denial of Service (DoS) leading to a BSOD of the affected computer caused by a NULL pointer dereference.
In order to perform calls to any IOCTL of the zam64.sys and zamguard64.sys driver, a call to the IOCTL 0x80002010 must be performed with the current process ID as an authorized IOCTL process caller:
The handling code of the 0x80002010 IOCTL calls sub_14000F4B4:
That function receives the SystemBuffer variable as a first parameter. When the nInBufferSize value of the IOCTL request call is 0 and the lpInBuffer is NULL, the value of SystemBuffer is also 0. However, there are not checks ([1], [2], [3]) for such case before trying to dereference the variable. The result is a NULL pointer dereference:
Our security policy
We have reserved the ID CVE-2024-2204 to refer to this issue from now on.
System Information
Version: Zemana AntiLogger v2.74.204.664
Operating System: Windows
Mitigation
There is currently no patch available for this vulnerability.
References
Vendor page https://zemana.com/
Product page https://zemana.com/us/antilogger.html
Timeline
IA generativa
23 feb 2024
Vendor contacted
5 mar 2024
Public disclosure
14 mar 2024
