
DATE | CVE | VULNERABILITY TITLE | RISK

2017-09-13 | CVE-2017-7441 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos Hitmanpro 3.7/3.7.20 | 7.8
    In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks.
    local, low complexity, sophos, CWE-119

2017-09-13 | CVE-2017-6008 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sophos Hitmanpro 3.7/3.7.20 | 7.8
    A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.
    local, low complexity, sophos, CWE-119