CVE-2023-1491: Max Secure Anti Virus Plus IoControlCode MaxCryptMon.sys 0x220020 access control
First published: Sat Mar 18 2023(Updated: )
A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects the function 0x220020 in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-223377 was assigned to this vulnerability.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Maxpcsecure Anti Virus Plus | =19.0.2.1 | |
| =19.0.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-1491?
The severity of CVE-2023-1491 is medium (5.5).
What software is affected by CVE-2023-1491?
Max Secure Anti Virus Plus version 19.0.2.1 is affected by CVE-2023-1491.
What is the CVE ID for this vulnerability?
The CVE ID for this vulnerability is CVE-2023-1491.
How can an attacker exploit CVE-2023-1491?
An attacker can exploit CVE-2023-1491 by manipulating the 0x220020 function in the MaxCryptMon.sys library of the IoControlCode Handler component.
Is local access required to exploit CVE-2023-1491?
Yes, local access is required to exploit CVE-2023-1491.
- collector/mitre-cve
- collector/nvd-index
- agent/references
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/title
- agent/description
- agent/tags
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- vendor/maxpcsecure
- canonical/maxpcsecure anti virus plus
- version/maxpcsecure anti virus plus/19.0.2.1