Baidu Antivirus Process Termination Vulnerability via Bring Your Own Vulnerable Driver Attack
Vulnerability
A vulnerability in the BdApiUtil driver of Baidu Antivirus version 5.2.3.116083 allows for arbitrary process termination. This issue can be exploited by executing a Bring Your Own Vulnerable Driver (BYOVD) attack. While administrative privileges are required to install the driver, once installed, it can be accessed by any user.
Impact
Exploitation of this vulnerability allows for arbitrary process termination, which could disrupt normal system operations or cause loss of unsaved data.
Reproduction
To reproduce this vulnerability, first ensure that the BdApiUtil driver is installed; installation requires administrative privileges, but once the driver is installed it can be accessed by any user. The vulnerability is triggered by sending an IOCTL command to the driver that identifies the target process by its PID, for example from a C++ program that opens a handle to the driver and issues the IOCTL with the PID of the process to be terminated.
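The defender-side check that belongs with this reproduction, as an added PowerShell example that is not part of the original advisory: it reports whether a driver matching the BdApiUtil name is registered on a host, records its signer and SHA-256 for blocklisting, and shows whether HVCI (which enforces the Microsoft vulnerable driver blocklist) is running. It assumes the service or file name contains "BdApiUtil" (the advisory gives no exact file name, so a substring match is used) and an elevated session.

```powershell
# Added example, not from the advisory: hunt for the BdApiUtil driver on a Windows host.
# Assumption: the driver's service or file name contains "BdApiUtil"; run elevated.
$Pattern = 'BdApiUtil'

# Win32_SystemDriver lists kernel drivers registered as services, running or not.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -match $Pattern -or $_.PathName -match $Pattern }

if (-not $drivers) {
    Write-Host "No driver matching '$Pattern' is registered on this host."
}

foreach ($d in $drivers) {
    # PathName may carry a \??\ or \SystemRoot\ prefix; normalise it for file access.
    $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $signer = 'n/a'; $sigStatus = 'n/a'; $hash = 'file not found'
    if (Test-Path -Path $path) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        $sigStatus = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    }
    [PSCustomObject]@{
        Service   = $d.Name
        State     = $d.State        # 'Running' means the device is reachable right now
        StartMode = $d.StartMode
        Path      = $path
        Signer    = $signer
        SigStatus = $sigStatus
        SHA256    = $hash           # feed this into a WDAC/ASR driver blocklist rule
    }
}

# HVCI with the Microsoft vulnerable driver blocklist is the generic BYOVD mitigation;
# SecurityServicesRunning contains 2 when hypervisor-enforced code integrity is active.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$hvci = $dg.SecurityServicesRunning -contains 2
Write-Host "HVCI running: $hvci"
```

A matching driver that is `Running` with `StartMode` set to `Auto` or `System` is reachable by every local user as the advisory describes; stop and disable the service, then block the hash with WDAC if the vendor has not shipped a fixed build.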
