:: Deepquest ::

Anti-Virus solutions are split into several different components (an unprivileged user mode part, a privileged user mode part and a kernel component). Logically the different systems talk to each other. By abusing NTFS directory junctions it is possible from the unprivileged user mode part (“the UI”) to restore files from the virus quarantine with the permissions of the privileged user mode part (“Windows service”). This may results in a privileged file write vulnerability.