CVE-2017-16237
published 2017-11-03
CVE-2017-16237: In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values…
Priority P273 · high · 7.8 · CVSS 3.0
AV:L · AC:L · PR:L · UI:N · S:U · C:H · I:H · A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.46% (70.2th percentile)
In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tgsoft | vir.it_explorer | < 8.5.42 | 8.5.42 |
Detection & IOCs (extracted from sources)
bytes
\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60
- The _SEP_TOKEN_PRIVILEGES offset (0x40) used in the exploit is hardcoded and may vary across different Windows kernel versions, potentially limiting reliability on untested OS builds.
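CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | | 7.8 | HIGH | |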
GHSA
GHSA-3mx7-v7gf-xcv3: In Vir
ghsa_unreviewed · 2022-05-17
CVE-2017-16237 [HIGH] CWE-20 GHSA-3mx7-v7gf-xcv3: In Vir
In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C.
VulnCheck
tgsoft vir.it_explorer Improper Input Validation
vulncheck · 2017 · CVSS 7.8
CVE-2017-16237 [HIGH] tgsoft vir.it_explorer Improper Input Validation
In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C.
Affected: tgsoft vir.it_explorer
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://blog.fox-it.com/2025/09/01/three-lazarus-rats-coming-for-your-cheese/#e0a93a5c-8e4c-44dd-8c3d-c34a30ce280a
No detection rules found.
No writeups or analysis indexed.
Timeline
- 2017-11-03: Published
- Exploited in the wild