Vulnerabilities > Sophos > Sophos Tester

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2018-02-02 | CVE-2018-6319 | NULL Pointer Dereference vulnerability in Sophos Tester 3.2.0.7 | In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. | local, low complexity, sophos, CWE-476 | 5.5 |
| 2018-02-02 | CVE-2018-6318 | Untrusted Search Path vulnerability in Sophos Tester 3.2.0.7 | In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). | local, low complexity, sophos, CWE-426 | 7.8 |