CVE-2018-3971
Summary
| CVE | CVE-2018-3971 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-10-25 18:29:00 UTC |
| Updated | 2023-02-02 13:43:00 UTC |
| Description | An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can send IRP request to trigger this vulnerability. |
Risk And Classification
Problem Types: CWE-123
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sophos | Hitmanpro.alert | 3.7.6.744 | All | All | All |
| Application | Sophos | Hitmanpro.alert | 3.7.6.744 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| TALOS-2018-0636 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence | MISC | www.talosintelligence.com | Exploit, Third Party Advisory |
| Malformed Request | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.