CVE-2018-6525

Sažetak

In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458.

Reference

http://inca.co.kr/include_file/pdf_down/nProtect%20AVS%20V4%20Vulnerability%20Response%20Release%20Notes.pdf
https://github.com/ZhiyuanWang-Chengdu-Qihoo360/nProtectAntivirus_POC/tree/master/TKFsAv_0x220458

CVSS

Base:	6.1
Impact:	8.5
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:C

Zadnje važnije ažuriranje

21-02-2018 - 16:54

Objavljeno

02-02-2018 - 01:29