CVE-2017-1768

MEDIUM

IBM Security Guardium Big Data Intelligence 3.1 - Exposure of Sensitive Information via Error Message

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-1768. PoCs published by AmazingOut.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2017-1768, a null pointer dereference vulnerability in Windows 7 x86 SP1. The exploit leverages the USBPcap1 driver to achieve local privilege escalation by manipulating memory and replacing the token of the current process with that of the SYSTEM process.

Description

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 136471.

Exploits (1)

github WORKING POC
by AmazingOut · cpoc
https://github.com/AmazingOut/CVE_POC/tree/main/CVE-2017-1768

This repository contains a functional proof-of-concept exploit for CVE-2017-1768, a null pointer dereference vulnerability in Windows 7 x86 SP1. The exploit leverages the USBPcap1 driver to achieve local privilege escalation by manipulating memory and replacing the token of the current process with that of the SYSTEM process.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Windows 7 x86 SP1
No auth needed
Prerequisites: USBPcap1 driver installed · Windows 7 x86 SP1 environment
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (3)

Core 3
Core References
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/136471
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104493
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg22016515

Scores

CVSS v3 4.3
EPSS 0.0138
EPSS Percentile 68.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
ibm/security_guardium_big_data_intelligence 3.1
Published May 29, 2018
Tracked Since Feb 18, 2026