CVE-2017-15920

HIGH

Watchdog Anti-Malware and Online Security Pro 2.74.186.150 - NULL Pointer Dereference via ioctl 0x80002054

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-15920. PoCs published by Parvez Anwar.

AI-analyzed exploit summary This exploit triggers a null pointer dereference in the Watchdog Development Anti-Malware driver (zam32.sys) via IOCTL 0x80002010 or 0x80002054, causing a denial-of-service (BSOD) on 32-bit Windows 7 SP1.

Description

In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.

Exploits (1)

exploitdb WORKING POC
by Parvez Anwar · cdoswindows
https://www.exploit-db.com/exploits/43058

This exploit triggers a null pointer dereference in the Watchdog Development Anti-Malware driver (zam32.sys) via IOCTL 0x80002010 or 0x80002054, causing a denial-of-service (BSOD) on 32-bit Windows 7 SP1.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Watchdog Development Anti-Malware/Online Security Pro 2.74.186.150 (zam32.sys 2.21.63)
No auth needed
Prerequisites: Access to the target system to execute the binary · Watchdog Development Anti-Malware driver installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43058/

Scores

CVSS v3 7.5
EPSS 0.0966
EPSS Percentile 93.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (2)
watchdogdevelopment/anti-malware 2.74.186.150
watchdogdevelopment/online_security_pro 2.74.186.150
Published Oct 30, 2017
Tracked Since Feb 18, 2026