CVE-2017-15920

In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
References
Link Resource
http://packetstormsecurity.com/files/144786/Watchdog-Development-Anti-Malware-Online-Security-Pro-NULL-Pointer-Dereference.html Exploit Issue Tracking Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/43058/ Exploit Issue Tracking Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/144786/Watchdog-Development-Anti-Malware-Online-Security-Pro-NULL-Pointer-Dereference.html Exploit Issue Tracking Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/43058/ Exploit Issue Tracking Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:watchdogdevelopment:anti-malware:2.74.186.150:*:*:*:*:*:*:*
cpe:2.3:a:watchdogdevelopment:online_security_pro:2.74.186.150:*:*:*:*:*:*:*

History

21 Nov 2024, 03:15

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/144786/Watchdog-Development-Anti-Malware-Online-Security-Pro-NULL-Pointer-Dereference.html - Exploit, Issue Tracking, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/144786/Watchdog-Development-Anti-Malware-Online-Security-Pro-NULL-Pointer-Dereference.html - Exploit, Issue Tracking, Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/43058/ - Exploit, Issue Tracking, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/43058/ - Exploit, Issue Tracking, Third Party Advisory, VDB Entry

Information

Published : 2017-10-30 15:29

Updated : 2024-11-21 03:15


NVD link : CVE-2017-15920

Mitre link : CVE-2017-15920

CVE.ORG link : CVE-2017-15920


JSON object : View

Products Affected

watchdogdevelopment

  • online_security_pro
  • anti-malware
CWE
CWE-476

NULL Pointer Dereference