Vulnerability Details : CVE-2018-15737
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x80002043.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2018-15737
- cpe:2.3:a:stopzilla:antimalware:6.5.2.59:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-15737
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 11 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-15737
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2018-15737
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-15737
-
https://www.greyhathacker.net/?p=1025
Exploiting STOPzilla AntiMalware Arbitrary Write Vulnerability using SeCreateTokenPrivilege | GreyHatHacker.NETExploit;Third Party Advisory
-
https://www.greyhathacker.net
GreyHatHacker.NET | Malware, Vulnerabilities, Exploits and more . . .Exploit;Third Party Advisory
Jump to