CVE-2017-16549

Published: Jan 16, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.

Affected (7)

Products: K7computing: Antivirus, Endpoint, Internet Security, Total Security, Ultimate Security

5 products

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
K7computing Antivirus	Before 15.1.0308
K7computing Antivirus	Before 15.1.0.53
K7computing Endpoint	Before 14.2.0137
K7computing Internet Security	Before 15.1.0297
K7computing Total Security	Before 15.1.0324
K7computing Total Security	Before 16.0.0131
K7computing Ultimate Security	Before 15.1.0324

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://support.k7computing.com/index.php?/Knowledgebase/Article/View/173/41/advisory-issued-on-6th-november-2017

Source: cve@mitre.org

Vendor Advisory

https://support.k7computing.com/index.php?/Knowledgebase/Article/View/173/41/advisory-issued-on-6th-november-2017

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.