In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/144786/Watchdog-Development-Anti-Malware-Online-Security-Pro-NULL-Pointer-Dereference.html | Exploit Issue Tracking Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/43058/ | Exploit Issue Tracking Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/144786/Watchdog-Development-Anti-Malware-Online-Security-Pro-NULL-Pointer-Dereference.html | Exploit Issue Tracking Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/43058/ | Exploit Issue Tracking Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/144786/Watchdog-Development-Anti-Malware-Online-Security-Pro-NULL-Pointer-Dereference.html - Exploit, Issue Tracking, Third Party Advisory, VDB Entry | |
References | () https://www.exploit-db.com/exploits/43058/ - Exploit, Issue Tracking, Third Party Advisory, VDB Entry |
Information
Published : 2017-10-30 15:29
Updated : 2024-11-21 03:15
NVD link : CVE-2017-15921
Mitre link : CVE-2017-15921
CVE.ORG link : CVE-2017-15921
JSON object : View
Products Affected
watchdogdevelopment
- online_security_pro
- anti-malware
CWE
CWE-476
NULL Pointer Dereference