Vulnerabilities > CVE-2018-9151 - NULL Pointer Dereference vulnerability in Kingsoft Internet Security 9 Plus 2010.06.23.247

CVSS 4.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

local

low complexity

kingsoft

CWE-476

NVD

Published: 2018-03-30

Updated: 2018-04-18

Summary

A NULL pointer dereference bug in the function ObReferenceObjectByHandle in the Kingsoft Internet Security 9+ kernel driver KWatch3.sys allows local non-privileged users to crash the system via IOCTL 0x80030030.

Vulnerable Configurations

Part	Description	Count
Application	Kingsoft Kingsoft Internet Security 9 Plus 2010.06.23.247	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

http://seclists.org/fulldisclosure/2018/Mar/78