CVE-2018-5957

Published: Jan 21, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40242C.

Affected (1)

Products: Zillya: Zillya! Antivirus

Zillya

1 product

Zillya! Antivirus

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zillya Zillya! Antivirus	Version 3.0.2230.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://github.com/ZhiyuanWang-Chengdu-Qihoo360/ZillyaAntivirus_POC/tree/master/0x9C40242C

Source: cve@mitre.org

Third Party Advisory

https://github.com/ZhiyuanWang-Chengdu-Qihoo360/ZillyaAntivirus_POC/tree/master/0x9C40242C

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.