Vulnerability-Lookup

CNVD-2017-33078

Vulnerability from cnvd - Published: 2017-11-08

Title

Sophos HitmanPro.Alert solution和Sophos Clean SurfRight HitmanPro 安全漏洞

Description

Sophos HitmanPro.Alert solution和Sophos Clean都是英国Sophos公司的病毒防护软件。SurfRight HitmanPro是其中的一个恶意软件扫描工具。 Sophos HitmanPro.Alert solution和Sophos Clean中的SurfRight HitmanPro 3.7.20 Build 286之前的版本存在安全漏洞。攻击者可借助带有0x22E1C0代码的IOCTL利用该漏洞泄露内存数据。

Severity

高

Patch Name

Sophos HitmanPro.Alert solution和Sophos Clean SurfRight HitmanPro 安全漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.hitmanpro.com/

Reference

https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/

Impacted products

Name
Sophos Clean SurfRight HitmanPro <3.7.20 Build 286

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7441",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7441"
    }
  },
  "description": "Sophos HitmanPro.Alert solution\u548cSophos Clean\u90fd\u662f\u82f1\u56fdSophos\u516c\u53f8\u7684\u75c5\u6bd2\u9632\u62a4\u8f6f\u4ef6\u3002SurfRight HitmanPro\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6076\u610f\u8f6f\u4ef6\u626b\u63cf\u5de5\u5177\u3002\r\n\r\nSophos HitmanPro.Alert solution\u548cSophos Clean\u4e2d\u7684SurfRight HitmanPro 3.7.20 Build 286\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u5e26\u67090x22E1C0\u4ee3\u7801\u7684IOCTL\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u5185\u5b58\u6570\u636e\u3002",
  "discovererName": "BAYET Corentin",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.hitmanpro.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-33078",
  "openTime": "2017-11-08",
  "patchDescription": "Sophos HitmanPro.Alert solution\u548cSophos Clean\u90fd\u662f\u82f1\u56fdSophos\u516c\u53f8\u7684\u75c5\u6bd2\u9632\u62a4\u8f6f\u4ef6\u3002SurfRight HitmanPro\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6076\u610f\u8f6f\u4ef6\u626b\u63cf\u5de5\u5177\u3002\r\n\r\nSophos HitmanPro.Alert solution\u548cSophos Clean\u4e2d\u7684SurfRight HitmanPro 3.7.20 Build 286\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u5e26\u67090x22E1C0\u4ee3\u7801\u7684IOCTL\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u5185\u5b58\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Sophos HitmanPro.Alert solution\u548cSophos Clean SurfRight HitmanPro \u5b89\u5168\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Sophos Clean SurfRight HitmanPro \u003c3.7.20 Build 286"
  },
  "referenceLink": "https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/",
  "serverity": "\u9ad8",
  "submitTime": "2017-09-20",
  "title": "Sophos HitmanPro.Alert solution\u548cSophos Clean SurfRight HitmanPro \u5b89\u5168\u6f0f\u6d1e"
}

CVE-2017-7441 (GCVE-0-2017-7441)

Vulnerability from cvelistv5 – Published: 2017-09-13 08:00 – Updated: 2024-08-05 16:04

Summary

In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.nuitduhack.com/fr/planning/talk_10	x_refsource_MISC
	https://trackwatch.com/kernel-pool-overflow-explo…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.nuitduhack.com/fr/planning/talk_10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-13T07:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.nuitduhack.com/fr/planning/talk_10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7441",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nuitduhack.com/fr/planning/talk_10",
              "refsource": "MISC",
              "url": "https://www.nuitduhack.com/fr/planning/talk_10"
            },
            {
              "name": "https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/",
              "refsource": "MISC",
              "url": "https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7441",
    "datePublished": "2017-09-13T08:00:00",
    "dateReserved": "2017-04-05T00:00:00",
    "dateUpdated": "2024-08-05T16:04:11.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-33078

CVE-2017-7441 (GCVE-0-2017-7441)

Tags

Sightings

Nomenclature