Vulnerabilities > CVE-2019-19820 - Release of Invalid Pointer or Reference vulnerability in Kyrol Internet Security 9.0.6.9

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
kyrol
CWE-763

Summary

An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402405 using METHOD_NEITHER results in a read primitive.

Vulnerable Configurations

Part Description Count
Application
Kyrol
1

Common Weakness Enumeration (CWE)