CVE-2018-5701

CRITICAL

Iolo System Shield - Memory Corruption

Title source: rule

Description

In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003.

Exploits (2)

exploitdb WORKING POC

by Brandon Marshall · textlocalwindows

https://www.exploit-db.com/exploits/51044

View Code ZIP pw:eip

exploitdb WORKING POC

by Parvez Anwar · clocalwindows

https://www.exploit-db.com/exploits/43929

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/146165/System-Shield-5.0.0.136-Privilege-Escalation.html

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/43929/

[Exploit, Third Party Advisory] https://www.greyhathacker.net/?p=1006

Scores

CVSS v3 9.8

EPSS 0.2169

EPSS Percentile 95.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (1)

iolo/system_shield 5.0.0.136

Published Jan 31, 2018

Tracked Since Feb 18, 2026