CVE-2016-9038 - Race Conditions vulnerability in Sophos Invincea X 6.1.324058

Publication

2018-04-24

Last modification

2018-06-13

Summary

An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a special application locally to trigger this vulnerability.

Classification

CWE-362 - Race Conditions

Risk level (CVSS AV:L/AC:M/Au:N/C:P/I:P/A:P)

Medium

4.4

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Sophos Invincea X  6.1.324058