PT-2018-17097 · Iolo · Iolo System Shield Antivirus/Antispyware

Parvezghh

Publicado

2018-01-31

Atualizado

2018-02-15

CVE-2018-5701

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Iolo System Shield AntiVirus and AntiSpyware version 5.0.0.136

Description: The issue arises from the amp.sys driver file in Iolo System Shield AntiVirus and AntiSpyware, which contains an Arbitrary Write vulnerability. This vulnerability is due to the failure to validate input values from the IOCtl 0x00226003.

Recommendations: For version 5.0.0.136, consider disabling the amp.sys driver file as a temporary workaround until a patch is available. Restrict access to the IOCtl 0x00226003 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2018-5701

Produtos afetados

Iolo System Shield Antivirus/Antispyware

PT-2018-17097 · Iolo · Iolo System Shield Antivirus/Antispyware

CVE-2018-5701

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6