CVE-2017-16556

Published: Jan 16, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations.

Affected (7)

Products: K7computing: Antivirus, Endpoint, Internet Security, Total Security, Ultimate Security

5 products

Internet Security

Ultimate Security

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
K7computing Antivirus	Before 15.1.0308
K7computing Antivirus	Before 15.1.0.53
K7computing Endpoint	Before 14.2.0137
K7computing Internet Security	Before 15.1.0297
K7computing Total Security	Before 15.1.0324
K7computing Total Security	Before 16.0.0131
K7computing Ultimate Security	Before 15.1.0324

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://support.k7computing.com/index.php?/selfhelp/view-article/2nd-Advisory-issued-on-6th-November-2017

Source: cve@mitre.org

Vendor Advisory

https://support.k7computing.com/index.php?/selfhelp/view-article/2nd-Advisory-issued-on-6th-November-2017

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.