{"vulnerability": "CVE-2021-31727", "sightings": [{"uuid": "ff063b82-d03a-41c1-84c9-30df3306800e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31727", "type": "seen", "source": "https://t.me/arpsyndicate/2729", "content": "#ExploitObserverAlert\n\nCVE-2021-31727\n\nDESCRIPTION: Exploit Observer has 5 entries related to CVE-2021-31727. Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to \\.\\ZemanaAntiMalware, register with the driver using IOCTL 0x80002010 and send these IOCTL's to escalate privileges by overwriting the boot sector or overwriting critical code in the pagefile.\n\nFIRST-EPSS: 0.000440000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2024-01-09T07:47:08.000000Z"}, {"uuid": "b9e5d171-a40d-4567-aefc-ee2e151cc65e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-31727", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3325", "content": "#exploit\nCVE-2021-31727, CVE-2021-31728:\nVulnerability in zam64.sys, zam32.sys allowing ring 0 code execution\nhttps://github.com/irql0/CVE-2021-31728", "creation_timestamp": "2024-02-17T14:55:47.000000Z"}]}