PT-2018-17106 · Malwarefox · Malwarefox Antimalware

Published

2018-01-16

Updated

2018-02-05

CVE-2018-5714

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Malwarefox Anti-Malware version 2.72.169

Description: The issue is related to the driver file zam64.sys, which does not validate input values from IOCtl 0x80002054, allowing local users to cause a denial of service (BSOD) or possibly have other unspecified impacts.

Recommendations: For Malwarefox Anti-Malware version 2.72.169, consider updating to a newer version that addresses the issue with the zam64.sys driver file, specifically ensuring proper validation of input values from IOCtl 0x80002054 to prevent denial of service or other potential impacts.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-5714

Affected Products

Malwarefox Antimalware

PT-2018-17106 · Malwarefox · Malwarefox Antimalware

CVE-2018-5714

Weakness Enumeration

Related Identifiers

Affected Products

References · 3