Safetica STProcessMonitor Denial-of-Service Vulnerability via Crafted IOCTL Requests
Vulnerability
A denial-of-service vulnerability has been identified in the STProcessMonitor component of the Safetica Application suite, specifically in version 11.11.4.0. This vulnerability allows an admin-privileged user to send crafted IOCTL requests that terminate processes protected by a third-party implementation. The issue arises from inadequate validation of the caller in the driver's IOCTL handler, permitting unauthorized processes to disrupt critical services or applications by terminating them in kernel space.
Impact
Exploitation of this vulnerability can lead to a denial-of-service condition by interrupting essential third-party services or applications.
Reproduction
The vulnerability can be reproduced by an admin-privileged user who sends a crafted IOCTL request (0xB822200C) through an unauthorized process. This request will be handled by the driver's IOCTL handler, where the insufficient caller validation allows the termination of protected processes.
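As a triage aid for the control code quoted above, the following added example (not part of the original advisory and not Safetica's code) splits 0xB822200C into its CTL_CODE fields; the struct and function names are illustrative. It shows that the code is declared with FILE_ANY_ACCESS, so the I/O manager applies no read/write access check to the handle and validating the caller of this request is left to the driver's handler.

```c
#include <stdint.h>
#include <stdio.h>

/* Windows CTL_CODE layout:
   DeviceType[31:16] | Access[15:14] | Function[13:2] | Method[1:0] */
typedef struct {
    uint32_t device_type;
    uint32_t access;
    uint32_t function;
    uint32_t method;
} ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = (code >> 16) & 0xFFFF;
    f.access      = (code >> 14) & 0x3;
    f.function    = (code >> 2) & 0xFFF;
    f.method      = code & 0x3;
    return f;
}

/* Access == 0 (FILE_ANY_ACCESS): the I/O manager forwards the request for
   any open handle, so gatekeeping must happen inside the driver. */
int io_manager_checks_access(ioctl_fields f) { return f.access != 0; }

/* Device types >= 0x8000 and function codes >= 0x800 are vendor ranges. */
int is_vendor_defined(ioctl_fields f) {
    return f.device_type >= 0x8000 && f.function >= 0x800;
}

const char *access_name(uint32_t a) {
    static const char *n[] = {"FILE_ANY_ACCESS", "FILE_READ_ACCESS",
                              "FILE_WRITE_ACCESS", "FILE_READ|WRITE_ACCESS"};
    return n[a & 3];
}

const char *method_name(uint32_t m) {
    static const char *n[] = {"METHOD_BUFFERED", "METHOD_IN_DIRECT",
                              "METHOD_OUT_DIRECT", "METHOD_NEITHER"};
    return n[m & 3];
}

int main(void) {
    ioctl_fields f = decode_ioctl(0xB822200CU); /* code from the advisory */
    printf("device_type=0x%X access=%s function=0x%X method=%s\n",
           (unsigned)f.device_type, access_name(f.access),
           (unsigned)f.function, method_name(f.method));
    printf("I/O manager access check: %s, vendor-defined: %s\n",
           io_manager_checks_access(f) ? "yes" : "no",
           is_vendor_defined(f) ? "yes" : "no");
    return 0;
}
```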
