CVE-2018-3970

Name of the Vulnerable Software and Affected Versions Sophos HitmanPro.Alert version 3.7.6.744

Description A memory disclosure issue exists in the 0x222000 IOCTL handler functionality. This can be triggered by a specially crafted IRP request, causing the driver to return uninitialized memory and resulting in kernel memory disclosure. An attacker can exploit this by sending a crafted IRP request.

Recommendations For Sophos HitmanPro.Alert version 3.7.6.744, consider disabling the 0x222000 IOCTL handler functionality as a temporary workaround until a patch is available. Restrict access to the driver to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.