Lucene search

MitreCVE-2017-6007

HistorySep 13, 2017 - 8:29 a.m.

CVE-2017-6007

2017-09-1308:29:00

CWE-119

mitre

web.nvd.nist.gov

cve-2017-6007

kernel pool overflow

driver

hitmanpro

sophos surfright

nvd

security vulnerability

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.4

Confidence

High

EPSS

Percentile

5.1%

JSON

A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call.

Affected configurations

Nvd

Node

sophoshitmanproRange≤3.7.20

VendorProductVersionCPE
sophoshitmanpro*cpe:2.3:a:sophos:hitmanpro:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sophos	hitmanpro	*	cpe:2.3:a:sophos:hitmanpro::::::::

References

trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7/

www.nuitduhack.com/fr/planning/talk_10

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2017-6007