CVE-2018-15729
Description
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204B.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
STOPzilla AntiMalware driver szkg64.sys fails to validate the output buffer address for IOCTL 0x8000204B, allowing a local attacker to cause a denial of service.
Vulnerability
The vulnerability resides in the kernel driver szkg64.sys of STOPzilla AntiMalware version 6.5.2.59. The driver does not validate the output buffer address supplied by a user-mode caller when processing IOCTL 0x8000204B. This allows an attacker to specify an arbitrary memory address as the output buffer, leading to a system crash when the driver attempts to write to that address [2].
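The IOCTL value itself shows why the missing check matters. The decoder below is an added example, not code from the advisory or the vendor; it splits 0x8000204B into the standard Windows CTL_CODE fields, and the struct and function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit layout produced by the Windows CTL_CODE macro:
 * DeviceType[31:16] | Access[15:14] | Function[13:2] | Method[1:0] */
struct ioctl_fields {
    uint32_t device_type; /* values >= 0x8000 are vendor-defined */
    uint32_t access;      /* 0 FILE_ANY_ACCESS, 1 READ, 2 WRITE, 3 READ|WRITE */
    uint32_t function;    /* values >= 0x800 are vendor-defined */
    uint32_t method;      /* 0 BUFFERED, 1 IN_DIRECT, 2 OUT_DIRECT, 3 NEITHER */
};

struct ioctl_fields decode_ioctl(uint32_t code)
{
    struct ioctl_fields f;
    f.device_type = (code >> 16) & 0xFFFFu;
    f.access      = (code >> 14) & 0x3u;
    f.function    = (code >> 2)  & 0xFFFu;
    f.method      = code & 0x3u;
    return f;
}

const char *method_name(uint32_t method)
{
    static const char *names[] = {
        "METHOD_BUFFERED", "METHOD_IN_DIRECT",
        "METHOD_OUT_DIRECT", "METHOD_NEITHER"
    };
    return names[method & 0x3u];
}

/* METHOD_NEITHER: the I/O manager hands the driver the caller's raw
 * pointers, so the driver itself has to probe them before use. */
int driver_must_probe_user_buffers(uint32_t code)
{
    return decode_ioctl(code).method == 3;
}

int main(void)
{
    const uint32_t code = 0x8000204Bu; /* IOCTL named in the CVE description */
    struct ioctl_fields f = decode_ioctl(code);
    printf("device=0x%X access=%u function=0x%X method=%s\n", (unsigned)f.device_type,
           (unsigned)f.access, (unsigned)f.function, method_name(f.method));
    printf("driver must probe user buffers: %s\n",
           driver_must_probe_user_buffers(code) ? "yes" : "no");
    return 0;
}
```

The code decodes to METHOD_NEITHER with FILE_ANY_ACCESS, so the I/O manager neither copies nor validates the output pointer. A handler for such a code has to check the pointer itself (on Windows, `ProbeForWrite` inside a structured exception handler) before writing to it.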
Exploitation
An attacker must have local access to the system and the ability to open a handle to the device driver. When the driver receives a crafted IOCTL 0x8000204B with an invalid or unmapped output buffer address, it attempts to write to that address, causing a Blue Screen of Death (BSOD) and immediate denial of service [2].
Impact
Successful exploitation results in a denial of service (system crash). The vulnerability does not provide code execution or privilege escalation; the impact is limited to system instability and potential data loss from unsaved work [2].
Mitigation
As of the publication date, no patch has been released by the vendor. The researcher reported the vulnerability but received no response. Users are advised to consider removing STOPzilla AntiMalware or restricting access to the driver until a fix is available [2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- STOPzilla/AntiMalware
- Range: =6.5.2.59
Patches
No patches discovered yet.
References
- www.greyhathacker.net (mitre, x_refsource_MISC)
- www.greyhathacker.net (mitre, x_refsource_MISC)