Unrated severity · NVD Advisory · Published Jun 21, 2019 · Updated Aug 5, 2024

CVE-2018-15734

Description

An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000206B.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

STOPzilla AntiMalware 6.5.2.59 driver szkg64.sys contains an arbitrary write vulnerability via IOCTL 0x8000206B due to missing validation of the output buffer address, allowing local privilege escalation.

Vulnerability

In STOPzilla AntiMalware version 6.5.2.59, the kernel driver szkg64.sys fails to validate the output buffer address supplied via IOCTL 0x8000206B. This allows an attacker to write arbitrary data to an arbitrary kernel memory location. The vulnerability is classified as an arbitrary write [2].
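
As an added example (not code from the advisory, the vendor, or reference [2]), the following decodes an I/O control code by the standard `CTL_CODE` bit layout. Run on 0x8000206B it reports transfer method 3 (`METHOD_NEITHER`) and access 0 (`FILE_ANY_ACCESS`): with that method the I/O manager passes the caller's buffer addresses to the driver unvalidated, so the driver must probe the output address itself. The names `audit_ioctl` and `RISK_*` and the two contrast codes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* CTL_CODE layout: DeviceType[31:16] | Access[15:14] | Function[13:2] | Method[1:0] */
typedef struct {
    uint32_t device_type, access, function, method;
} ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = code >> 16;           /* >= 0x8000 is the vendor-defined range */
    f.access      = (code >> 14) & 0x3;   /* 0 any, 1 read, 2 write, 3 read+write */
    f.function    = (code >> 2) & 0xFFF;
    f.method      = code & 0x3;           /* 0 buffered, 1 in-direct, 2 out-direct, 3 neither */
    return f;
}

/* Hypothetical audit flags for triaging a driver's IOCTL table. */
#define RISK_RAW_POINTERS 0x1u /* METHOD_NEITHER: user addresses reach the driver unchecked */
#define RISK_ANY_ACCESS   0x2u /* FILE_ANY_ACCESS: no read/write access needed on the handle */

unsigned audit_ioctl(uint32_t code) {
    ioctl_fields f = decode_ioctl(code);
    unsigned flags = 0;
    if (f.method == 3) flags |= RISK_RAW_POINTERS;
    if (f.access == 0) flags |= RISK_ANY_ACCESS;
    return flags;
}

int main(void) {
    /* First code is the one named on this page; the other two are constructed for contrast. */
    const uint32_t samples[] = { 0x8000206Bu, 0x80002068u, 0x8000A06Bu };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        ioctl_fields f = decode_ioctl(samples[i]);
        unsigned r = audit_ioctl(samples[i]);
        printf("0x%08X dev=0x%04X func=0x%03X access=%u method=%u%s%s\n",
               (unsigned)samples[i], (unsigned)f.device_type, (unsigned)f.function,
               (unsigned)f.access, (unsigned)f.method,
               (r & RISK_RAW_POINTERS) ? " [raw user pointers]" : "",
               (r & RISK_ANY_ACCESS) ? " [any-access handle]" : "");
    }
    return 0;
}
```

Codes that carry both flags are the ones whose handlers most need a check that every caller-supplied address is validated (for example with `ProbeForWrite` inside an exception handler) before the driver writes to it.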

Exploitation

An attacker with user-mode access can send a crafted IOCTL 0x8000206B to the driver, specifying a target kernel address and data to write. By repeatedly invoking the IOCTL, the attacker can overwrite kernel structures such as _SEP_TOKEN_PRIVILEGES to enable high-privilege tokens, similar to the exploitation of CVE-2018-15732 described in [2].

Impact

Successful exploitation allows an attacker to write arbitrary data to arbitrary kernel memory, leading to privilege escalation to SYSTEM or complete compromise of the system. Reference [2] demonstrates gaining SeCreateTokenPrivilege and creating a privileged token.

Mitigation

No patch has been released by the vendor. The vulnerability was publicly disclosed after the vendor did not respond to reports [2]. Users should consider removing STOPzilla AntiMalware or restricting access to the driver until a fix is available.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.
