Show plain JSON{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:k7computing:total_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "81F96360-A226-4B7B-8EC1-C7478205424C", "versionEndExcluding": "15.1.0.305", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\\\.\\K7Sentry DeviceIoControl call with an invalid kernel pointer."}, {"lang": "es", "value": "En K7 Total Security en versiones anteriores a la 15.1.0.305, las entradas controladas por el usuario en el dispositivo K7Sentry no est\u00e1n suficientemente saneadas: las entradas controladas por el usuario se pueden utilizar para comparar una direcci\u00f3n de memoria arbitraria con un valor fijo, que a su vez se puede usar para leer contenidos de memoria arbitraria. De manera similar, el producto se cierra de manera inesperada despu\u00e9s de que se realice una llamada \\\\.\\K7Sentry DeviceIoControl con un puntero de kernel no v\u00e1lido."}], "id": "CVE-2017-18019", "lastModified": "2024-11-21T03:19:10.870", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-04T04:29:00.220", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://blogs.securiteam.com/index.php/archives/3435"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://blogs.securiteam.com/index.php/archives/3435"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}