CVE-2017-16554

Vulnerability

K7 Antivirus Premium (and other K7 Security products) before version 15.1.0.53 allows local users to write to arbitrary memory locations through a specific set of IOCTL calls [1]. The affected products include K7 AntiVirus Plus, K7 AntiVirus Premium, K7 Internet Security, K7 Ultimate Security, K7 Total Security, K7 Total Security Plus, and K7 Endpoint Security below certain fixed versions [1].

Exploitation

An attacker with local access to the system can send a crafted sequence of IOCTL calls to the K7 driver, which then writes attacker-controlled data to an arbitrary memory location [1]. The precise steps are not detailed in the advisory, but local user privileges are required.

Impact

Successful exploitation enables the attacker to write to arbitrary kernel memory, likely leading to privilege escalation to SYSTEM or equivalent [1]. This can result in full compromise of the affected system.

Mitigation

K7 Computing has released fixed versions as of November 2017 [1]. Users should upgrade to the following minimum versions: K7 AntiVirus Plus 15.1.0308, K7 AntiVirus Premium 15.1.0314, K7 Internet Security 15.1.0297, K7 Ultimate Security 15.1.0324, K7 Total Security 15.1.0324, K7 Total Security Plus 16.0.0131, and K7 Endpoint 14.2.0137 [1]. No workarounds are provided for unpatched versions [1].