CVE-2017-6007
Severity: MEDIUM
Sophos HitmanPro < 3.7.20 - Kernel Pool Overflow via IOCTL Call
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call.
References (2)
Core References
https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7/ (Exploit, Technical Description, Third Party Advisory)
https://www.nuitduhack.com/fr/planning/talk_10 (Third Party Advisory)
Scores
CVSS v3
5.5
EPSS
0.0002
EPSS Percentile
5.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (1)
sophos/hitmanpro
< 3.7.20
Published
Sep 13, 2017
Tracked Since
Feb 18, 2026