Vulnerability Description
In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sophos | Hitmanpro | <= 3.7.20 |
Related Weaknesses (CWE)
References
- https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-1ExploitMitigationThird Party Advisory
- https://www.nuitduhack.com/fr/planning/talk_10Third Party Advisory
- https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-1ExploitMitigationThird Party Advisory
- https://www.nuitduhack.com/fr/planning/talk_10Third Party Advisory
FAQ
What is CVE-2017-7441?
CVE-2017-7441 is a vulnerability with a CVSS score of 7.8 (HIGH). In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak ...
How severe is CVE-2017-7441?
CVE-2017-7441 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7441?
Check the references section above for vendor advisories and patch information. Affected products include: Sophos Hitmanpro.