[原文]The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 18.104.22.1683, V3 VirusBlock 2005 Build 22.214.171.1243, V3Net for Windows Server 6.0 Build 126.96.36.1993 does not properly validate the source of the DeviceIoControl commands, which allows remote attackers to gain privileges.
AhnLab V3 Anti-Virus v3flt2k.sys DeviceIoControl() Local Privilege Escalation
Local Access Required
Loss of Integrity
Various AhnLab V3 products contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The problem is that the 'v3flt2k.sys' real-time scan driver does not validate the source of received 'DeviceIoControl()' commands, which may allow a malicious user to run 'explorer.exe' with SYSTEM privileges and/or disable the scan engine with specially crafted 'DeviceIoControl' requests resulting in a loss of integrity.
Upgrade to version 188.8.131.527 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.