CVE-2018-6853

Name of the Vulnerable Software and Affected Versions Sophos SafeGuard Enterprise versions prior to 8.00.5 Sophos SafeGuard Easy versions prior to 7.00.3 Sophos SafeGuard LAN Crypt versions prior to 3.95.2

Description The issue allows for Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer, an attacker can control the execution path, enabling them to write to a user-controlled address. This condition can be exploited to either zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself, allowing code execution in the context of a process running as SYSTEM.

Recommendations For Sophos SafeGuard Enterprise versions prior to 8.00.5, update to version 8.00.5 or later. For Sophos SafeGuard Easy versions prior to 7.00.3, update to version 7.00.3 or later. For Sophos SafeGuard LAN Crypt versions prior to 3.95.2, update to version 3.95.2 or later.