cbcvebase.
CVE-2017-7441
published 2017-09-13

CVE-2017-7441: In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might…

PriorityP336high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EPSS
0.46%
36.6th percentile
In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie.

Affected

1 ranges
VendorProductVersion rangeFixed in
sophoshitmanpro<= 3.7.20

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.