PT-2017-14285 · Unknown · Watchdog Anti-Malware+1

Parvez Anwar

Publicado

2017-10-30

Atualizado

2017-11-18

CVE-2017-15921

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Watchdog Anti-Malware version 2.74.186.150 Online Security Pro version 2.74.186.150

Description The issue arises from a NULL pointer dereference vulnerability in the zam32.sys driver. This vulnerability is triggered when an operation is sent to the ioctl 0x80002010 endpoint, due to the lack of validation for the input buffer and its size, which can be NULL or 0.

Recommendations For Watchdog Anti-Malware version 2.74.186.150, consider disabling the zam32.sys driver until a patch is available. For Online Security Pro version 2.74.186.150, consider disabling the zam32.sys driver until a patch is available.

Exploit

Correção

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

CVE-2017-15921

Produtos afetados

Online Security Pro

Watchdog Anti-Malware

PT-2017-14285 · Unknown · Watchdog Anti-Malware+1

CVE-2017-15921

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4