CVE-2017-16237

HIGH EXPLOITED

Vir.IT eXplorer Anti-Virus <8.5.42 - Buffer Overflow

Title source: llm

Exploitation Summary

CVE-2017-16237 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Parvez Anwar.

AI-analyzed exploit summary: This exploit targets a privilege escalation vulnerability in Vir.IT eXplorer Anti-Virus by leveraging an arbitrary write in the VIAGLT64.SYS driver. It injects shellcode into winlogon.exe to spawn a command shell with elevated privileges.

Description

In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an arbitrary write vulnerability because it does not validate input values from IOCTL 0x8273007C.

Exploits (1)

exploitdb WORKING POC
by Parvez Anwar · c · local · windows
https://www.exploit-db.com/exploits/43109

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Vir.IT eXplorer Anti-Virus 8.5.39 with VIAGLT64.SYS driver 1.0.0.11
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable Vir.IT eXplorer Anti-Virus installation
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101851
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43109/

Scores

CVSS v3: 7.8
EPSS: 0.0019
EPSS Percentile: 41.2%
Attack Vector: LOCAL
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV: 2025-09-01
CWE: CWE-20
Status: published
Products (1): tgsoft/vir.it_explorer < 8.5.42
Published: Nov 03, 2017
Tracked Since: Feb 18, 2026