CVE-2017-16551

Vulnerability

A privilege escalation vulnerability exists in K7 Antivirus Premium (and other K7 Security products) prior to version 15.1.0.53. The vulnerability allows a local user to send a specific IOCTL after setting memory in a particular way, leading to privilege escalation. Affected products include K7 Anti-Virus Plus, K7 Anti-Virus Premium, K7 Internet Security, K7 Ultimate Security, K7 Total Security, K7 Total Security Plus, and K7 Endpoint [1].

Exploitation

An attacker must have local access to the system. The exploit requires the attacker to set memory in a specific manner and then send a crafted IOCTL to the kernel driver. The exact memory manipulation and IOCTL code are not publicly detailed but are necessary for successful exploitation [1].

Impact

Successful exploitation allows a local attacker to gain elevated privileges, potentially leading to full system compromise. The attacker can execute arbitrary code with kernel-level privileges, bypassing user-mode security restrictions [1].

Mitigation

K7 Computing has released fixed versions: K7 Anti-Virus Plus (15.1.0308), K7 Anti-Virus Premium (15.1.0314), K7 Internet Security (15.1.0297), K7 Ultimate Security (15.1.0324), K7 Total Security (15.1.0324), K7 Total Security Plus (16.0.0131), and K7 Endpoint (14.2.0137) [1]. Users should upgrade to these versions or later as soon as possible.