Vulnerability Details : CVE-2023-2875
A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Vulnerability category: Memory Corruption
Products affected by CVE-2023-2875
- cpe:2.3:a:escanav:escan_anti-virus:22.0.1400.2443:*:*:*:*:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-2875
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-2875
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:S/C:N/I:N/A:C |
3.1
|
6.9
|
VulDB | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
VulDB | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
VulDB | 2024-02-29 |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2023-2875
-
The product dereferences a pointer that it expects to be valid but is NULL.Assigned by: cna@vuldb.com (Primary)
References for CVE-2023-2875
-
https://github.com/zeze-zeze/WindowsKernelVuln/blob/master/CVE-2023-2875
WindowsKernelVuln/CVE-2023-2875 at master · zeze-zeze/WindowsKernelVuln · GitHubExploit;Third Party Advisory
-
https://drive.google.com/file/d/1fvlP0d9HmApjWhYDjgsdco7g7FPsbn0V/view?usp=sharing
DoS.zip - Google DriveExploit;Third Party Advisory
-
https://vuldb.com/?ctiid.229854
CVE-2023-2875: eScan Antivirus IoControlCode PROCOBSRVESX.SYS 0x22E008u null pointer dereferencePermissions Required;Third Party Advisory
-
https://vuldb.com/?id.229854
CVE-2023-2875: eScan Antivirus IoControlCode PROCOBSRVESX.SYS 0x22E008u null pointer dereferenceThird Party Advisory
Jump to