Vulnerabilities > CVE-2010-2308 - Local Security vulnerability in Anti-Virus Small Business Edition

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
sophos
nessus

Summary

Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function.

Nessus

NASL familyWindows
NASL idSOPHOS_7_6_20.NASL
descriptionAccording to its version number, the Sophos Anti-Virus installation on the remote Windows host is affected by a local privilege escalation vulnerability. A local attacker, exploiting this flaw, could execute arbitrary code in kernel mode and thereby gain complete control of the affected system.
last seen2020-06-01
modified2020-06-02
plugin id46860
published2010-06-10
reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/46860
titleSophos Anti-Virus SAVOnAccessFilter Local Privilege Escalation