CVE-2018-6852

Name of the Vulnerable Software and Affected Versions Sophos SafeGuard Enterprise versions prior to 8.00.5 Sophos SafeGuard Easy versions prior to 7.00.3 Sophos SafeGuard LAN Crypt versions prior to 3.95.2

Description The issue allows for Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer, an attacker can control the execution path to the point where the nt!memset function is called to zero out contents of a user-controlled address. This condition can be exploited to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself, allowing code to run in the context of a process running as SYSTEM.

Recommendations For Sophos SafeGuard Enterprise versions prior to 8.00.5, update to version 8.00.5 or later. For Sophos SafeGuard Easy versions prior to 7.00.3, update to version 7.00.3 or later. For Sophos SafeGuard LAN Crypt versions prior to 3.95.2, update to version 3.95.2 or later.