Back to search
CVE-2017-18019
Published: Jan 4, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://blogs.securiteam.com/index.php/archives/3435
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now