NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Ī vulnerability, which was classified as problematic, has been found in Twister Antivirus 8. VDB-229854 is the identifier assigned to this vulnerability. The exploit has been disclosed to the public and may be used. It is possible to launch the attack on the local host. The manipulation leads to null pointer dereference. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. Update to Ivanti AV Product version 7.9.1.285 or above.Ī vulnerability, which was classified as problematic, was found in eScan Antivirus. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later.Īn out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8.Ĭertain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file. A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |