PT-2018-17569 · Superantispyware · Superantispyware Professional
Published
2018-01-31
·
Updated
2018-02-13
·
CVE-2018-6472
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SUPERAntiSpyware Professional Trial version 6.0.1254
Description
The issue is related to the driver file SASKUTIL.SYS, which does not validate input values from IOCtl 0x9C40204c. This can allow local users to cause a denial of service, resulting in a Blue Screen of Death (BSOD), or possibly have other unspecified impacts.
Recommendations
For SUPERAntiSpyware Professional Trial version 6.0.1254, consider updating to a newer version that addresses this issue, as the current version allows for potential denial of service or other impacts due to the lack of input validation in the SASKUTIL.SYS driver file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Superantispyware Professional