CVE-2017-6007

A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call.
References
Link Resource
https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7/ Exploit Technical Description Third Party Advisory
https://www.nuitduhack.com/fr/planning/talk_10 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:sophos:hitmanpro:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-09-13 08:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-6007

Mitre link : CVE-2017-6007

CVE.ORG link : CVE-2017-6007


JSON object : View

Products Affected

sophos

  • hitmanpro
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer