CVE-2017-14961 – IKARUS anti.virus 2.16.7 - 'ntguard_x64' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-14961
In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because it does not validate input values from IOCtl 0x8300000c. • https://www.exploit-db.com/exploits/43139 http://packetstormsecurity.com/files/144955/IKARUS-AntiVirus-2.16.7-Privilege-Escalation.html https://theevilbit.blogspot.co.uk/2017/11/turning-cve-2017-14961-ikarus-antivirus.html https://www.ikarussecurity.com/about-ikarus/security-blog/vulnerability-in-windows-antivirus-products-ik-sa-2017-0002 • CWE-20: Improper Input Validation •
CVE-2017-9758
https://notcve.org/view.php?id=CVE-2017-9758
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion." • http://www.securityfocus.com/bid/101700 https://community.rsa.com/community/products/netwitness/blog/2017/10/27/inaudible-subversion-did-your-hi-fi-just-subvert-your-pc https://www.kb.cert.org/vuls/id/446847 https://zeroday.hitcon.org/vulnerability/ZD-2017-00386 • CWE-295: Improper Certificate Validation •
CVE-2017-6008 – HitmanPro 3.7.15 Build 281 - Kernel Pool Overflow
https://notcve.org/view.php?id=CVE-2017-6008
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call. • https://www.exploit-db.com/exploits/43057 https://github.com/cbayet/Exploit-CVE-2017-6008 https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10 https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7 https://www.nuitduhack.com/fr/planning/talk_10 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-6007
https://notcve.org/view.php?id=CVE-2017-6007
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call. • https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7 https://www.nuitduhack.com/fr/planning/talk_10 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-7441
https://notcve.org/view.php?id=CVE-2017-7441
Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt! • https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10 https://www.nuitduhack.com/fr/planning/talk_10 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •