Title: Sophos HitmanPro.Alert Multiple Vulnerabilities (Windows)
Summary: Sophos HitmanPro.Alert version 220.127.116.114 is prone to multiple vulnerabilities.
- An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 22.214.171.1244.
- A specially crafted IRP request can cause the driver to write data to an attacker-controlled address, resulting in memory corruption.
- Additionally, an exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality.
- A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger these vulnerabilities.
Sophos HitmanPro.Alert version 126.96.36.1994.
Upgrade to Sophos HitmanPro.Alert 3.7.9 or later.
Common Vulnerability Exposure (CVE) ID: CVE-2018-3970
BugTraq ID: 105743
Common Vulnerability Exposure (CVE) ID: CVE-2018-3971
Copyright (C) 2018 Greenbone Networks GmbH