Filtered by vendor Ikarussecurity
Subscribe
Total
16 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14967 | 1 Ikarussecurity | 1 Anti.virus | 2018-01-08 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000080. | |||||
CVE-2017-14962 | 1 Ikarussecurity | 1 Anti.virus | 2018-01-08 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Out of Bounds Write vulnerability because of not validating input values from IOCtl 0x83000058, a related issue to CVE-2017-17112. | |||||
CVE-2017-14968 | 1 Ikarussecurity | 1 Anti.virus | 2018-01-08 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113. | |||||
CVE-2017-14969 | 1 Ikarussecurity | 1 Anti.virus | 2018-01-08 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114. | |||||
CVE-2017-17804 | 1 Ikarussecurity | 1 Anti.virus | 2018-01-03 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000084. | |||||
CVE-2017-17795 | 1 Ikarussecurity | 1 Anti.virus | 2018-01-03 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000088. | |||||
CVE-2017-17797 | 1 Ikarussecurity | 1 Anti.virus | 2018-01-03 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000058. | |||||
CVE-2017-14963 | 1 Ikarussecurity | 1 Anti.virus | 2018-01-03 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000058. | |||||
CVE-2017-14964 | 1 Ikarussecurity | 1 Anti.virus | 2018-01-03 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300005c. | |||||
CVE-2017-14966 | 1 Ikarussecurity | 1 Anti.virus | 2018-01-03 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c0. | |||||
CVE-2017-14965 | 1 Ikarussecurity | 1 Anti.virus | 2018-01-03 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000cc. | |||||
CVE-2017-17112 | 1 Ikarussecurity | 1 Anti.virus | 2017-12-21 | 7.2 HIGH | 7.8 HIGH |
ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a Pool Corruption vulnerability via a 0x83000058 DeviceIoControl request. | |||||
CVE-2017-17113 | 1 Ikarussecurity | 1 Anti.virus | 2017-12-21 | 2.1 LOW | 5.5 MEDIUM |
ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL pointer dereference via a 0x830000c4 DeviceIoControl request. | |||||
CVE-2017-17114 | 1 Ikarussecurity | 1 Anti.virus | 2017-12-21 | 7.2 HIGH | 7.8 HIGH |
ntguard.sys and ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 have a Memory Corruption vulnerability via a 0x83000084 DeviceIoControl request. | |||||
CVE-2017-14961 | 1 Ikarussecurity | 1 Anti.virus | 2017-12-04 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c. | |||||
CVE-2017-15643 | 1 Ikarussecurity | 1 Ikarus Antivirus | 2017-11-14 | 7.6 HIGH | 7.4 HIGH |
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum and an update value for verification of the downloaded files. The attacker first forces the client to initiate an update transaction by modifying an update field within an HTTP 200 response, so that it refers to a nonexistent update. The attacker then modifies the HTTP 404 response so that it specifies a successfully found update, with a Trojan horse executable file (e.g., guardxup.exe) and the correct CRC32 checksum for that file. |