CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 4CVE-2010-1591 – Rising AntiVirus 2008/2009/2010 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-1591
28 Apr 2010 — Beijing Rising International Rising Antivirus 2008 through 2010 does not properly validate input to certain IOCTLs, including 0x83003C07, which allows local users to gain privileges via crafted IOCTL requests to the (1) HookCont.sys, (2) HookNtos.sys, (3) HOOKREG.sys, or (4) HookSys.sys device driver; or the (5) RsNTGdi.sys kernel module, reachable through \Device\RSNTGDI. Beijing Rising International Rising Antivirus 2008 hasta 2010 no valida adecuadamente ciertas entradas a IOCTLs, incluida 0x83003C07, lo... • https://www.exploit-db.com/exploits/11281 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2008-5539
https://notcve.org/view.php?id=CVE-2008-5539
12 Dec 2008 — RISING Antivirus 21.06.31.00 and possibly 20.61.42.00, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. RISING Antivirus v21.06.31.00 y posiblemente v20.61.42.00, cuando se utiliza Internet Explorer 6 o 7, permite a atacan... • http://securityreason.com/securityalert/4723 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1738
https://notcve.org/view.php?id=CVE-2008-1738
29 Apr 2008 — Rising Antivirus 2008 before 20.38.20 allows local users to cause a denial of service (system crash) via an invalid pointer to the _CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function. Rising Antivirus 2008 anterior a 20.38.20 permite a usuarios locales provocar una denegación de servicio (caída del sistema) mediante un puntero no válido a la estructura _CLIENT_ID en una llamada a NtOpenProcess asociada a la función System Service Descriptor Table (SSDT)... • http://secunia.com/advisories/30007 • CWE-20: Improper Input Validation •