CVE-2017-16554

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 84.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

K7computing Antivirus K7computing Endpoint K7computing Internet Security +2 more

Timeline

PublishedJan 16

Latest updateMay 13

Description

K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDk7computing/antivirus< 15.1.0.53+1

▶NVDk7computing/endpoint< 14.2.0137

▶NVDk7computing/total_security< 15.1.0324+1

▶NVDk7computing/internet_security< 15.1.0297

▶NVDk7computing/ultimate_security< 15.1.0324

🔴Vulnerability Details

GHSA

GHSA-qpj4-x9mr-pfww: K7 Antivirus Premium before 15↗2022-05-13

▶

CVEList

CVE-2017-16554: K7 Antivirus Premium before 15↗2018-01-16

▶