CVE-2017-7441: Buffer Overflow
First published: Wed Sep 13 2017(Updated: )
In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sophos HitmanPro | <=3.7.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-7441?
CVE-2017-7441 has a medium severity rating due to the potential for kernel data leaks.
How do I fix CVE-2017-7441?
To address CVE-2017-7441, upgrade Sophos HitmanPro to version 3.7.21 or later.
What type of vulnerability is CVE-2017-7441?
CVE-2017-7441 is a driver-level vulnerability that can lead to kernel data leaks.
What is the impact of CVE-2017-7441?
The impact of CVE-2017-7441 can include exposure of critical information to potential attackers.
Which versions of Sophos HitmanPro are affected by CVE-2017-7441?
CVE-2017-7441 affects Sophos HitmanPro versions up to and including 3.7.20.
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/event
- agent/description
- vendor/sophos
- canonical/sophos hitmanpro
- version/sophos hitmanpro/3.7.20