POC (in C) from Exploiting (Almost) Every Antivirus Software
Note:
Almost all of our antivirus exploits for Windows are similar in nature. In some cases, we had to implement timeout values to cause a delay between downloading the EICAR test-string and creating the directory junctions. As with most race conditions, timing is everything but it’s easy to figure out the exact values with minimal effort.