### Public Reference for CVE-2021-31727
###### Affected Product: MalwareFox AntiMalware 2.74.0.150
###### Affected Component: zam64.sys, zam32.sys
###### Vulnerability Type: Local, incorrect access control
###### Impact: High, arbitrary ring 0 code execution
#### Description
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to \\.\ZemanaAntiMalware, register with the driver using IOCTL 0x80002010 and send these IOCTL's to escalate privileges by overwriting the boot sector or overwriting critical code in the pagefile.
###### A proof of concept for disk read/writing is available at [disk_rw/main.c](disk_rw/main.c).