K7Computing Total Security vulnerabilities

CVE-2017-16555 [HIGH] CWE-787 CVE-2017-16555: K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IO K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.

CVE-2017-17429 [MEDIUM] CWE-20 CVE-2017-17429: In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not suffic In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sending a specific IOCTL.

CVE-2017-16556 [MEDIUM] CWE-20 CVE-2017-16556: In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations.

CVE-2017-18019 [HIGH] CWE-20 CVE-2017-18019: In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficie In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call w

CVE-2014-9643 [HIGH] CWE-264 CVE-2014-9643: K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.25 K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call.