CVE-2018-3970

An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
References
Link Resource
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0635 Exploit Third Party Advisory
http://www.securityfocus.com/bid/105743 Broken Link Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:sophos:hitmanpro.alert:3.7.6.744:*:*:*:*:*:*:*

Information

Published : 2018-10-25 11:29

Updated : 2023-02-02 05:47


NVD link : CVE-2018-3970

Mitre link : CVE-2018-3970


JSON object : View

CWE
CWE-908

Use of Uninitialized Resource

Advertisement

dedicated server usa

Products Affected

sophos

  • hitmanpro.alert