Vulnerabilities > CVE-2017-15921 - NULL Pointer Dereference vulnerability in Watchdogdevelopment Anti-Malware and Online Security PRO
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Watchdog Development Anti-Malware / Online Security Pro - NULL Pointer Dereference. CVE-2017-15920,CVE-2017-15921. Dos exploit for Windows platform |
file | exploits/windows/dos/43058.c |
id | EDB-ID:43058 |
last seen | 2017-10-27 |
modified | 2017-10-26 |
platform | windows |
port | |
published | 2017-10-26 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/43058/ |
title | Watchdog Development Anti-Malware / Online Security Pro - NULL Pointer Dereference |
type | dos |
Packetstorm
data source | https://packetstormsecurity.com/files/download/144786/watchdogdam-null.txt |
id | PACKETSTORM:144786 |
last seen | 2017-10-27 |
published | 2017-10-27 |
reporter | Parvez Anwar |
source | https://packetstormsecurity.com/files/144786/Watchdog-Development-Anti-Malware-Online-Security-Pro-NULL-Pointer-Dereference.html |
title | Watchdog Development Anti-Malware / Online Security Pro NULL Pointer Dereference |
References
- http://packetstormsecurity.com/files/144786/Watchdog-Development-Anti-Malware-Online-Security-Pro-NULL-Pointer-Dereference.html
- http://packetstormsecurity.com/files/144786/Watchdog-Development-Anti-Malware-Online-Security-Pro-NULL-Pointer-Dereference.html
- https://www.exploit-db.com/exploits/43058/
- https://www.exploit-db.com/exploits/43058/