CVE-2018-15733

Vulnerability

In STOPzilla AntiMalware version 6.5.2.59, the kernel driver szkg64.sys contains a NULL pointer dereference vulnerability in the handler for IOCTL 0x80002028. The driver fails to validate the size of the output buffer provided by the caller, allowing a caller to specify a zero or insufficiently sized buffer. When the driver attempts to write to this buffer, a NULL pointer dereference occurs, crashing the system [2].

Exploitation

An attacker with local access to the system can open a handle to the driver device and send a crafted IOCTL 0x80002028 with an output buffer size of zero or less than the expected size. No authentication or special privileges beyond the ability to interact with the driver are required. The IOCTL triggers the vulnerable code path, causing a NULL pointer dereference in kernel mode [2].

Impact

Successful exploitation results in a denial of service (DoS) condition, typically a Blue Screen of Death (BSOD). The vulnerability does not allow arbitrary code execution or privilege escalation; it only crashes the system [2].

Mitigation

As of the publication date, no official patch or update from STOPzilla has been released. The vendor did not respond to disclosure attempts [2]. Users are advised to uninstall STOPzilla AntiMalware or restrict access to the driver device until a fix is available. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.