VYPR
Unrated severity · NVD Advisory · Published Nov 23, 2020 · Updated Aug 5, 2024

CVE-2018-16722

Description

Jingyun Antivirus driver ZySandbox.sys lacks input validation for IOCTL 0x12360094, allowing local denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

In Jingyun Antivirus v2.4.2.39, the kernel driver ZySandbox.sys does not validate input values when handling IOCTL 0x12360094. This missing validation allows arbitrary input to be processed without checks, leading to potential system instability. The affected version is explicitly v2.4.2.39, and the issue is related to CVE-2018-16305 [1].

Exploitation

An attacker with local user access can trigger the vulnerability by sending a crafted IOCTL request to the driver. The steps involve opening a handle to the device object exposed by ZySandbox.sys and issuing DeviceIoControl with control code 0x12360094 and malicious input. No authentication beyond local user privileges is required [1].

Impact

Successful exploitation causes a Blue Screen of Death (BSOD), resulting in denial of service. The description also notes unspecified other impact, but the available reference does not detail additional consequences. The crash occurs in kernel context, as the driver runs in kernel mode [1].

Mitigation

No official patch or workaround has been disclosed in the available references. Users are advised to consider removing or replacing Jingyun Antivirus v2.4.2.39 if it is in use, as the product may be abandoned [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

2
