CVE-2018-6476

CRITICAL

SUPERAntiSpyware Professional Trial 6.0.1254 - Privilege Escalation via SASKUTIL.SYS Driver IOCtl

Title source: llm
STIX 2.1

Description

In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c.

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0457
EPSS Percentile 90.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
superantispyware/superantispyware 6.0.1254
Published Jan 31, 2018
Tracked Since Feb 18, 2026