Vulnerabilities > Sophos > Sophos Tester > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-02 CVE-2018-6318 Untrusted Search Path vulnerability in Sophos Tester 3.2.0.7
In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.).
local
low complexity
sophos CWE-426
7.8