CVE-2017-18019

HIGH

K7 Total Security < 15.1.0.305 - Arbitrary Memory Read via K7Sentry Device Input

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-18019. PoCs published by SecuriTeam, SpiralBL0CK.

AI-analyzed exploit summary This PoC demonstrates a memory corruption vulnerability in K7 Total Security's K7Sentry driver by sending an invalid kernel pointer via an IOCTL request, leading to a PAGE_FAULT_IN_NONPAGED_AREA crash. The exploit triggers a read operation on an arbitrary memory address, potentially allowing information leakage or further exploitation.

Description

In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer.

Exploits (2)

exploitdb WORKING POC

by SecuriTeam · doswindows

https://www.exploit-db.com/exploits/44046

View Code ZIP pw:eip

This PoC demonstrates a memory corruption vulnerability in K7 Total Security's K7Sentry driver by sending an invalid kernel pointer via an IOCTL request, leading to a PAGE_FAULT_IN_NONPAGED_AREA crash. The exploit triggers a read operation on an arbitrary memory address, potentially allowing information leakage or further exploitation.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: K7 Total Security version 15.1.0.305 and earlier

No auth needed

Prerequisites: Access to the K7Sentry device driver on a vulnerable system

MITRE ATT&CK

T1499.004 - Application or System Exploitation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by SpiralBL0CK · poc

https://github.com/SpiralBL0CK/CVE-2017-18019

View Code ZIP pw:eip

This PoC exploits CVE-2017-18019, a vulnerability in the K7Sentry.sys driver, to achieve local privilege escalation (LPE) by manipulating kernel thread objects and memory structures. The code demonstrates handle leakage, kernel address retrieval, and preparation for a ROP attack.

Classification

Working Poc 80%

Attack Type

Lpe

Complexity

Complex

Reliability

Theoretical

Target: K7 Computing K7Sentry.sys (likely older versions)

No auth needed

Prerequisites: Local access to a vulnerable system · K7Sentry.sys driver loaded

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://blogs.securiteam.com/index.php/archives/3435

Scores

CVSS v3 7.1

EPSS 0.0124

EPSS Percentile 65.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Details

CWE

CWE-20

Status published

Products (1)

k7computing/total_security < 15.1.0.305

Published Jan 04, 2018

Tracked Since Feb 18, 2026