exploitDog

CVE-2017-6007

Опубликовано: 13 сент. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 4.9

EPSS Низкий

Описание

A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call.

Ссылки

https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7/
Exploit
Technical Description
Third Party Advisory
https://www.nuitduhack.com/fr/planning/talk_10
Third Party Advisory
https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7/
Exploit
Technical Description
Third Party Advisory
https://www.nuitduhack.com/fr/planning/talk_10
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sophos:hitmanpro:*:*:*:*:*:*:*:*

Версия до 3.7.20 (включая)

EPSS

Процентиль: 4%

0.00019

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-6pvx-mxmx-6c69

CVSS3: 5.5

github

больше 3 лет назад

A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call.

EPSS

Процентиль: 4%

0.00019

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-119