Title: Sophos HitmanPro.Alert Multiple Vulnerabilities (Windows)
Summary: Sophos HitmanPro.Alert version 188.8.131.524 is prone to multiple vulnerabilities.
Sophos HitmanPro.Alert version 184.108.40.2064 is prone to multiple vulnerabilities.
- An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 220.127.116.114.
- A specially crafted IRP request can cause the driver to write data to an attacker-controlled address, resulting in memory corruption.
- Additionally, an exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality.
- A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger these vulnerabilities.
Sophos HitmanPro.Alert version 18.104.22.1684.
Upgrade to Sophos HitmanPro.Alert 3.7.9 or later.
Common Vulnerability Exposure (CVE) ID: CVE-2018-3970
BugTraq ID: 105743
Common Vulnerability Exposure (CVE) ID: CVE-2018-3971
Copyright: Copyright (C) 2018 Greenbone Networks GmbH