PT-2017-13781 · Ikarus · Ikarus Anti.Virus

Published

2017-11-15

Updated

2017-12-05

CVE-2017-14961

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IKARUS anti.virus version 2.16.7

Description The issue arises from the ntguard.sys driver in IKARUS anti.virus, which contains an Arbitrary Write vulnerability. This vulnerability occurs due to the lack of validation of input values from the IOCtl 0x8300000c.

Recommendations For IKARUS anti.virus version 2.16.7, consider updating to a newer version that addresses this issue, as the current version does not validate input values from IOCtl 0x8300000c, leading to an Arbitrary Write vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2017-14961

Affected Products

Ikarus Anti.Virus

PT-2017-13781 · Ikarus · Ikarus Anti.Virus

CVE-2017-14961

Weakness Enumeration

Related Identifiers

Affected Products

References · 6