Vulnerabilities > CVE-2017-15920 - NULL Pointer Dereference vulnerability in Watchdogdevelopment Anti-Malware and Online Security PRO
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Watchdog Development Anti-Malware / Online Security Pro - NULL Pointer Dereference. CVE-2017-15920,CVE-2017-15921. Dos exploit for Windows platform |
| file | exploits/windows/dos/43058.c |
| id | EDB-ID:43058 |
| last seen | 2017-10-27 |
| modified | 2017-10-26 |
| platform | windows |
| port | |
| published | 2017-10-26 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/43058/ |
| title | Watchdog Development Anti-Malware / Online Security Pro - NULL Pointer Dereference |
| type | dos |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/144786/watchdogdam-null.txt |
| id | PACKETSTORM:144786 |
| last seen | 2017-10-27 |
| published | 2017-10-27 |
| reporter | Parvez Anwar |
| source | https://packetstormsecurity.com/files/144786/Watchdog-Development-Anti-Malware-Online-Security-Pro-NULL-Pointer-Dereference.html |
| title | Watchdog Development Anti-Malware / Online Security Pro NULL Pointer Dereference |