Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2017-15920
HistoryOct 30, 2017 - 3:29 p.m.

CVE-2017-15920

2017-10-3015:29:00
CWE-476
mitre
web.nvd.nist.gov
40
cve-2017-15920
watchdog anti-malware
online security pro
null pointer dereference
ioctl
vulnerability
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

31.5%

JSON

In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.

Affected configurations

Nvd
Node
watchdogdevelopmentanti-malwareMatch2.74.186.150
OR
watchdogdevelopmentonline_security_proMatch2.74.186.150
VendorProductVersionCPE
watchdogdevelopmentanti-malware2.74.186.150cpe:2.3:a:watchdogdevelopment:anti-malware:2.74.186.150:*:*:*:*:*:*:*
watchdogdevelopmentonline_security_pro2.74.186.150cpe:2.3:a:watchdogdevelopment:online_security_pro:2.74.186.150:*:*:*:*:*:*:*

Related

nvd 1
cvelist 1
prion 1
zdt 1
exploitdb 1
packetstorm 1
exploitpack 1
nvd
nvd
CVE-2017-15920
2017-10-30 15:29:00
cvelist
cvelist
CVE-2017-15920
2017-10-30 15:00:00
prion
prion
Null pointer dereference
2017-10-30 15:29:00
zdt
zdt
Watchdog Development Anti-Malware / Online Security Pro - NULL Pointer Dereference Exploit
2017-10-27 00:00:00
exploitdb
exploitdb
Watchdog Development Anti-Malware / Online Security Pro - NULL Pointer Dereference
2017-10-26 00:00:00
packetstorm
packetstorm
Watchdog Development Anti-Malware / Online Security Pro NULL Pointer Dereference
2017-10-27 00:00:00
exploitpack
exploitpack
Watchdog Development Anti-Malware Online Security Pro - NULL Pointer Dereference
2017-10-26 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

31.5%

JSON
Related for CVE-2017-15920
nvd1cvelist1prion1zdt1exploitdb1packetstorm1exploitpack1