vuln disclosure
Zemana AntiMalware/AntiLogger Driver Vulnerabilities Allow Privilege Escalation and Arbitrary Disk AccessCVE-2023-36204, CVE-2023-36205
Researcher VoidSec disclosed two vulnerabilities in the Zemana AntiMalware and AntiLogger drivers (zamguard64.sys/zam64.sys). CVE-2023-36205 allows a non-privileged user to open a handle to any privileged process via IOCTL 0x8000204C, enabling code injection and privilege escalation to SYSTEM. CVE-2023-36204 grants unrestricted disk read/write through IOCTLs 0x80002014 and 0x80002018, allowing sensitive file disclosure or system compromise.