PT-2018-17570 · Superantispyware · Superantispyware Professional
Published
2018-01-31
·
Updated
2018-02-13
·
CVE-2018-6473
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SUPERAntiSpyware Professional Trial version 6.0.1254
Description
The issue arises from the driver file SASKUTIL.SYS, which fails to validate input values from IOCtl 0x9C402080, allowing local users to cause a denial of service, potentially leading to a Blue Screen of Death (BSOD), or possibly having other unspecified impacts.
Recommendations
For SUPERAntiSpyware Professional Trial version 6.0.1254, consider updating to a newer version that addresses this issue, as the current version allows for potential denial of service or other impacts due to the lack of input validation in the SASKUTIL.SYS driver file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Superantispyware Professional