PT-2018-6615 · K7 · K7 Total Security

Published 2018-01-04 · Updated 2018-01-19 · CVE-2017-18019

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: K7 Total Security versions prior to 15.1.0.305
Description: User-controlled input to the K7Sentry device is not sufficiently sanitized, so the input can be used to compare an arbitrary memory address with a fixed value. This comparison can in turn be exploited to read the contents of arbitrary memory. Additionally, the product crashes when a DeviceIoControl call is made to the K7Sentry device with an invalid kernel pointer.
Recommendations: For versions prior to 15.1.0.305, update to version 15.1.0.305 or later to resolve the issue. As a temporary workaround, consider restricting access to the K7Sentry device to minimize the risk of exploitation.

Exploit

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2017-18019

Affected Products

K7 Total Security