CVE-2017-18019
Last modified
CVE-2017-18019 is a vulnerability of currently unknown severity. In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer.. EPSS estimates a 1.24% chance of exploitation in the next 30 days.
Description
In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| K7computing | Total Security | < 15.1.0.305 |
References
- https://blogs.securiteam.com/index.php/archives/3435Third Party Advisory
- https://blogs.securiteam.com/index.php/archives/3435Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-18019?
How severe is CVE-2017-18019?
How do I fix CVE-2017-18019?
Are you affected by CVE-2017-18019?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST