Lucene search
Sophos Tester Security Vulnerabilities
cve
In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash,...
7.8CVSS
7.2AI Score
0.001EPSS
2018-02-02 09:29 PM
20
cve
In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this...
5.5CVSS
7.6AI Score
0.0004EPSS
2018-02-02 09:29 PM
20