First published: Fri Mar 30 2018(Updated: )
A NULL pointer dereference bug in the function ObReferenceObjectByHandle in the Kingsoft Internet Security 9+ kernel driver KWatch3.sys allows local non-privileged users to crash the system via IOCTL 0x80030030.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
KINGSOFT Internet Security 9 Plus | =2010.06.23.247 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2018-9151.
The severity of CVE-2018-9151 is medium.
The affected software for CVE-2018-9151 is KINGSOFT Internet Security 9 Plus version 2010.06.23.247.
Local non-privileged users can exploit CVE-2018-9151 by sending IOCTL 0x80030030 requests to the kernel driver KWatch3.sys.
Yes, you can find more information about CVE-2018-9151 at http://seclists.org/fulldisclosure/2018/Mar/78.