CVE-2017-16550

Vulnerability

A local privilege escalation vulnerability exists in K7 Antivirus Premium prior to version 15.1.0.53. The vulnerability is caused by improper handling of IOCTL (Input/Output Control) calls, which allows a local user to write to arbitrary memory locations. The affected products include K7 Consumer Products and K7 Endpoint Security Products, as listed in the vendor advisory [1].

Exploitation

To exploit this vulnerability, an attacker must have local access to the system. The attacker can send a specific set of IOCTL calls to the K7 Antivirus driver, which results in arbitrary memory writes. No user interaction beyond local execution is required.

Impact

Successful exploitation allows the attacker to write arbitrary data to arbitrary kernel memory locations. This can lead to privilege escalation, enabling the attacker to execute code with elevated (kernel) privileges, potentially compromising the entire system.

Mitigation

K7 Computing has released fixed versions for affected products. Users should upgrade to the following versions or later: K7 AntiVirus Plus (15.1.0308), K7 AntiVirus Premium (15.1.0314), K7 Internet Security (15.1.0297), K7 Ultimate Security (15.1.0324), K7 Total Security (15.1.0324), K7 Total Security Plus (16.0.0131), and K7 Endpoint (14.2.0137). The advisory was issued on 6th November 2017 [1].