PT-2019-9849 · Unknown · Driveragent
Published: 2019-01-03 · Updated: 2019-02-08
CVE-2018-19523
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
DriverAgent version 2.2015.7.14
Description
The issue allows a user to send an IOCTL (0x80002068) with a user-defined buffer size. If the size of the buffer is less than 512 bytes, the driver will overwrite the next pool header if there is one next to the user buffer's pool.
Recommendations
For DriverAgent version 2.2015.7.14, as a temporary workaround, consider restricting the use of the IOCTL (0x80002068) until a patch is available. Avoid using buffer sizes less than 512 bytes in the affected IOCTL to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
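The missing length check described above, as an added user-space model (not DriverAgent's code, which this entry does not show). It assumes the handler for IOCTL 0x80002068 writes a fixed 512 bytes into the caller's buffer; all function names, the 16-byte canary and the fill values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REQUIRED_LEN 512u   /* threshold stated in the advisory */
#define HEADER_LEN   16u    /* constructed size for the stand-in neighbour header */
#define STATUS_SUCCESS          0x00000000u
#define STATUS_BUFFER_TOO_SMALL 0xC0000023u

typedef uint32_t (*ioctl_handler)(uint8_t *buf, size_t caller_len);

/* Model of the flaw: trusts the caller's size and always fills REQUIRED_LEN bytes. */
uint32_t handle_ioctl_unchecked(uint8_t *buf, size_t caller_len)
{
    (void)caller_len;
    memset(buf, 0xAA, REQUIRED_LEN);
    return STATUS_SUCCESS;
}

/* Hardened model: reject the request before touching a short buffer. */
uint32_t handle_ioctl_checked(uint8_t *buf, size_t caller_len)
{
    if (buf == NULL || caller_len < REQUIRED_LEN)
        return STATUS_BUFFER_TOO_SMALL;
    memset(buf, 0xAA, REQUIRED_LEN);
    return STATUS_SUCCESS;
}

/* Lays out a caller buffer of caller_len bytes followed by a canary that stands in
 * for the next pool header, runs the handler, and reports whether the canary
 * survived (1) or was overwritten (0). Returns -1 for sizes the model cannot hold. */
int neighbour_intact_after(ioctl_handler h, size_t caller_len, uint32_t *status)
{
    uint8_t pool[2 * REQUIRED_LEN + HEADER_LEN];  /* big enough that no model write leaves it */
    size_t i;

    if (caller_len > 2 * REQUIRED_LEN)
        return -1;
    memset(pool, 0, sizeof pool);
    memset(pool + caller_len, 0x5A, HEADER_LEN);
    *status = h(pool, caller_len);
    for (i = 0; i < HEADER_LEN; i++)
        if (pool[caller_len + i] != 0x5A)
            return 0;
    return 1;
}

int main(void) { uint32_t st; return neighbour_intact_after(handle_ioctl_checked, 64, &st) == 1 ? 0 : 1; }
```

In a WDM driver the equivalent check compares the caller-supplied lengths in `Parameters.DeviceIoControl` of the current IRP stack location against the required size before any copy.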
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Driveragent