CVE-2017-7441
N/A
N/A
Summary
In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.nuitduhack.com/fr/planning/talk_10
- https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/
References
- https://www.nuitduhack.com/fr/planning/talk_10
- https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.