CVE-2017-17429
https://notcve.org/view.php?id=CVE-2017-17429
In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sending a specific IOCTL. En K7 Antivirus Premium en versiones anteriores a la 15.1.0.53, las entradas controladas por el usuario en el dispositivo K7Sentry no se autentican lo suficiente: un usuario local con un proceso de BAJA integridad puede acceder a un disco duro en formato raw mediante el envío de una llamada IOCTL específica. • https://support.k7computing.com/index.php?/selfhelp/view-article/Advisory-issued-on-5th-December-2017 • CWE-20: Improper Input Validation •
CVE-2017-18019 – K7 Total Security 15.1.0.305 - Device Driver Arbitrary Memory Read
https://notcve.org/view.php?id=CVE-2017-18019
In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer. En K7 Total Security en versiones anteriores a la 15.1.0.305, las entradas controladas por el usuario en el dispositivo K7Sentry no están suficientemente saneadas: las entradas controladas por el usuario se pueden utilizar para comparar una dirección de memoria arbitraria con un valor fijo, que a su vez se puede usar para leer contenidos de memoria arbitraria. De manera similar, el producto se cierra de manera inesperada después de que se realice una llamada \\. • https://www.exploit-db.com/exploits/44046 https://github.com/SpiralBL0CK/CVE-2017-18019 https://blogs.securiteam.com/index.php/archives/3435 • CWE-20: Improper Input Validation •
CVE-2017-10950 – Bitdefender Total Security bdfwfpf Kernel Driver Double Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-10950
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within processing of the 0x8000E038 IOCTL in the bdfwfpf driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker could leverage this vulnerability to execute arbitrary code in the context of SYSTEM. • http://www.securityfocus.com/bid/100418 https://zerodayinitiative.com/advisories/ZDI-17-693 • CWE-415: Double Free •
CVE-2017-8773
https://notcve.org/view.php?id=CVE-2017-8773
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation. Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316 y Quick Heal AntiVirus Pro 10.1.0.316 son vulnerables a una escritura fuera de límites en el búfer de memoria dinámica (heap) debido a una validación incorrecta de dwCompressionSize de Microsoft WIM Header WIMHEADER_V1_PACKED. Esta vulnerabilidad puede explotarse para obtener la ejecución remota de código, así como para escalar de privilegios. • http://payatu.com/oob-write-heap-buffer-dwcompressionsize-ms-wim • CWE-787: Out-of-bounds Write •
CVE-2017-8775
https://notcve.org/view.php?id=CVE-2017-8775
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, y Quick Heal AntiVirus Pro 10.1.0.316 son vulnerables a una corrupción de memoria al analizar archivos Mach-O malformados. • http://payatu.com/quick-heal-internet-security-memory-corruption-vulnerability-2 • CWE-787: Out-of-bounds Write •