CVE-2017-16553

Vulnerability

A privilege escalation vulnerability exists in K7 Antivirus Premium versions prior to 15.1.0.53, as well as other K7 consumer and endpoint security products before their respective fixed versions [1]. The flaw resides in the kernel-mode component and is triggered by sending a specific IOCTL code after the local user arranges memory contents in a particular fashion [1].

Exploitation

An attacker must have local access to the target system and be able to execute unprivileged code [1]. The attack sequence involves two steps: first, the attacker performs specific memory setup to meet preconditions, then sends a crafted IOCTL to the vulnerable driver [1]. No user interaction beyond typical malicious execution is required.

Impact

Successful exploitation grants the attacker elevated privileges, potentially allowing full compromise of the affected system [1]. The vulnerability falls into the local privilege escalation category, enabling an unprivileged user to gain administrative or kernel-level control.

Mitigation

K7 Computing released fixed versions of all affected products on 6 November 2017 [1]. Customers should update to the following minimum versions: K7 Anti-Virus Premium 15.1.0314, K7 Anti-Virus Plus 15.1.0308, K7 Internet Security 15.1.0297, K7 Ultimate Security 15.1.0324, K7 Total Security 15.1.0324, K7 Total Security Plus 16.0.0131, and K7 Endpoint 14.2.0137 [1]. Users unable to update should ensure systems are not accessible to untrusted local users.