CVE-2018-6851

Name of the Vulnerable Software and Affected Versions Sophos SafeGuard Enterprise versions prior to 8.00.5 Sophos SafeGuard Easy versions prior to 7.00.3 Sophos SafeGuard LAN Crypt versions prior to 3.95.2

Description The issue allows for Local Privilege Escalation via IOCTL 0x80206040. By crafting an input buffer, an attacker can control the execution path, allowing them to write a constant DWORD 0 to a user-controlled address. This can be exploited to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself, enabling the execution of code in the context of a process running as SYSTEM.

Recommendations For Sophos SafeGuard Enterprise versions prior to 8.00.5, update to version 8.00.5 or later. For Sophos SafeGuard Easy versions prior to 7.00.3, update to version 7.00.3 or later. For Sophos SafeGuard LAN Crypt versions prior to 3.95.2, update to version 3.95.2 or later.