CVE-2017-18019
moderate-risk
Published 2018-01-04
In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer.
Do I need to act?
1.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.1/10 (High)
Attack vector: LOCAL / LOW complexity
Affected Products (1)
Affected Vendors
References (2)
Third Party Advisory
https://blogs.securiteam.com/index.php/archives/3435
Risk score: 31 / 100 (moderate-risk)
Severity
22/34 · High
Exploitability
4/34 · Minimal
Exposure
5/34 · Minimal