// For flags

CVE-2017-6007

 

Severity Score

5.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call.

Un desbordamiento de espacio de memoria del kernel en el controlador hitmanpro37.sys en Sophos SurfRight HitmanPro en versiones anteriores a la 3.7.20 Build 286 (incluido en la soluciĆ³n HitmanPro.Alert y Sophos Clean) permite que usuarios remotos provoquen el cierre inesperado del sistema operativo mediante una llamada IOCTL mal formada.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-02-15 CVE Reserved
  • 2017-09-13 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sophos
Search vendor "Sophos"
Hitmanpro
Search vendor "Sophos" for product "Hitmanpro"
<= 3.7.20
Search vendor "Sophos" for product "Hitmanpro" and version " <= 3.7.20"
-
Affected