Invalid Pointer Vulnerability in Kyrol Internet Security 9.0.6.9's kyrld.sys Driver Allows Privilege Escalation and Code Execution

Invalid Pointer Vulnerability in Kyrol Internet Security 9.0.6.9's kyrld.sys Driver Allows Privilege Escalation and Code Execution

CVE-2019-19820 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402405 using METHOD_NEITHER results in a read primitive.

Learn more about our User Device Pen Test.