CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-5277
https://notcve.org/view.php?id=CVE-2018-5277
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit). ** EN DISPUTA ** En Malwarebytes Premium 3.3.1.2183, el archivo del controlador (FARFLT.SYS) permite que usuarios locales provoquen una denegación de servicio (BSOD) o que, posiblemente, tengan otro impacto sin especificar debido a que no valida los valores de entrada desde IOCtl 0x9c40e000. NOTA: El fabricante ha indicado que "no han sido capaces de reproducir el problema en ninguna versión del sistema operativo de Windows (32 o 64 bits)". • https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Malwarebytes_POC/tree/master/0x9c40e000 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2017-3196
https://notcve.org/view.php?id=CVE-2017-3196
PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. • http://blog.rewolf.pl/blog/?p=1778 http://www.securityfocus.com/bid/96993/discuss https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability https://www.kb.cert.org/vuls/id/600671 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-14961 – IKARUS anti.virus 2.16.7 - 'ntguard_x64' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-14961
In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c. • https://www.exploit-db.com/exploits/43139 http://packetstormsecurity.com/files/144955/IKARUS-AntiVirus-2.16.7-Privilege-Escalation.html https://theevilbit.blogspot.co.uk/2017/11/turning-cve-2017-14961-ikarus-antivirus.html https://www.ikarussecurity.com/about-ikarus/security-blog/vulnerability-in-windows-antivirus-products-ik-sa-2017-0002 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-9758
https://notcve.org/view.php?id=CVE-2017-9758
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion." Los paquetes de controladores Savitech para Windows instalan silenciosamente un certificado autofirmado en el almacén Trusted Root Certification Authorities. • http://www.securityfocus.com/bid/101700 https://community.rsa.com/community/products/netwitness/blog/2017/10/27/inaudible-subversion-did-your-hi-fi-just-subvert-your-pc https://www.kb.cert.org/vuls/id/446847 https://zeroday.hitcon.org/vulnerability/ZD-2017-00386 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7441
https://notcve.org/view.php?id=CVE-2017-7441
Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt! • https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10 https://www.nuitduhack.com/fr/planning/talk_10 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •