CVE-2018-15732

An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x80002063.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
stopzillaantimalware
6.5.2.59
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.greyhathacker.net
https://www.greyhathacker.net/?p=1025
https://www.greyhathacker.net
https://www.greyhathacker.net/?p=1025