Vulnerabilities > CVE-2018-6319 - NULL Pointer Dereference vulnerability in Sophos Tester 3.2.0.7
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |