CVE-2022-25949

HIGH

Kingsoft Internet Security 9 Plus - Out-of-Bounds Write

Title source: rule

Description

The kernel-mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to a stack-based buffer overflow.

Exploits (1)

nomisec WORKING POC 38 stars
by tandasat · poc
https://github.com/tandasat/CVE-2022-25949

References (2)

Core References
Vendor Advisory x_refsource_confirm
https://support.kingsoft.jp/support-info/weakness.html
Third Party Advisory third-party-advisory x_refsource_jvn
https://jvn.jp/en/jp/JVN21234459/

Scores

CVSS v3 7.8
EPSS 0.0135
EPSS Percentile 80.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-121 CWE-787
Status published
Products (1)
kingsoft/internet_security_9_plus 2010.06.23.247
Published Mar 17, 2022
Tracked Since Feb 18, 2026