ID CVE-2017-15921
Summary In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
References
Vulnerable Configurations
  • cpe:2.3:a:watchdogdevelopment:anti-malware:2.74.186.150:*:*:*:*:*:*:*
    cpe:2.3:a:watchdogdevelopment:anti-malware:2.74.186.150:*:*:*:*:*:*:*
  • cpe:2.3:a:watchdogdevelopment:online_security_pro:2.74.186.150:*:*:*:*:*:*:*
    cpe:2.3:a:watchdogdevelopment:online_security_pro:2.74.186.150:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-11-2017 - 16:06)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
exploit-db 43058
misc http://packetstormsecurity.com/files/144786/Watchdog-Development-Anti-Malware-Online-Security-Pro-NULL-Pointer-Dereference.html
Last major update 18-11-2017 - 16:06
Published 30-10-2017 - 15:29
Last modified 18-11-2017 - 16:06
Back to Top