CVE-2017-18019

HIGH

K7computing Total Security < 15.1.0.305 - Improper Input Validation

Title source: rule

Description

In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer.

Exploits (2)

exploitdb WORKING POC

by SecuriTeam · doswindows

https://www.exploit-db.com/exploits/44046

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by SpiralBL0CK · poc

https://github.com/SpiralBL0CK/CVE-2017-18019

View Code ZIP pw:eip

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://blogs.securiteam.com/index.php/archives/3435

Scores

CVSS v3 7.1

EPSS 0.0143

EPSS Percentile 80.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Details

CWE

CWE-20

Status published

Products (1)

k7computing/total_security < 15.1.0.305

Published Jan 04, 2018

Tracked Since Feb 18, 2026