CVE-2018-15736
Description
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204F.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
STOPzilla AntiMalware 6.5.2.59 driver szkg64.sys fails to validate output buffer address for IOCtl 0x8000204F, enabling local DoS.
Vulnerability
The driver file szkg64.sys in STOPzilla AntiMalware version 6.5.2.59 lacks validation of the output buffer address value when processing IOCTL code 0x8000204F. This issue allows a local attacker to cause a denial of service (BSOD) by sending a crafted IOCTL request. The vulnerability is one of nine kernel-mode flaws discovered in this product [1][2].
Exploitation
An attacker with local access (or limited privilege) can open a handle to the device object associated with the STOPzilla driver and send an IOCTL with code 0x8000204F. The driver does not verify the output buffer pointer, so the attacker can supply an arbitrary kernel address as the output buffer, leading to a system crash. No authentication or user interaction beyond local execution is required [2].
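Decoding the control code shows why the driver has to validate the buffer itself: 0x8000204F encodes METHOD_NEITHER, the transfer method in which the Windows I/O manager hands the caller's buffer pointers to the driver without buffering or checking them. The following is an added triage example, not code from the advisory or the vendor; `decode_ioctl` and `review_notes` are hypothetical helper names, and the bit layout is the standard CTL_CODE layout.

```python
# Added example: decode a Windows IOCTL control code (CTL_CODE layout).
# Bit layout: DeviceType[31:16] | Access[15:14] | Function[13:2] | Method[1:0]

METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
           2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
ACCESS = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS",
          2: "FILE_WRITE_ACCESS", 3: "FILE_READ_ACCESS|FILE_WRITE_ACCESS"}


def decode_ioctl(code):
    """Split a 32-bit IOCTL code into its four CTL_CODE fields."""
    if not 0 <= code <= 0xFFFFFFFF:
        raise ValueError("IOCTL codes are 32-bit values")
    return {
        "device_type": (code >> 16) & 0xFFFF,
        "access": ACCESS[(code >> 14) & 0x3],
        "function": (code >> 2) & 0xFFF,
        "method": METHODS[code & 0x3],
    }


def review_notes(code):
    """Return audit findings (hypothetical helper) for one IOCTL code."""
    f = decode_ioctl(code)
    notes = []
    if f["method"] == "METHOD_NEITHER":
        notes.append("METHOD_NEITHER: I/O manager passes raw caller pointers; "
                     "handler must probe input and output buffers itself")
    if f["access"] == "FILE_ANY_ACCESS":
        notes.append("FILE_ANY_ACCESS: any caller holding a handle "
                     "to the device can issue it")
    if f["device_type"] >= 0x8000:
        notes.append("device type >= 0x8000: vendor-defined device")
    if f["function"] >= 0x800:
        notes.append("function >= 0x800: vendor-defined function")
    return notes


if __name__ == "__main__":
    code = 0x8000204F  # IOCTL code named in the CVE description
    for key, value in decode_ioctl(code).items():
        print(key, hex(value) if isinstance(value, int) else value)
    for note in review_notes(code):
        print("-", note)
```

The same decoder can be run over every control code a driver handles to list the handlers that need explicit pointer validation during review.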
Impact
Successful exploitation causes a denial of service by repeatedly crashing the system (Blue Screen of Death). The attacker does not gain code execution or data access; the impact is limited to availability loss. The crash may disrupt operations but does not lead to privilege escalation or information disclosure [2].
Mitigation
The vendor (STOPzilla) did not respond to disclosure attempts during the coordination period, and no official patch had been released as of the publication date [2]. Users should consider restricting local access to the system or uninstalling the affected product until a fix is provided. This CVE is not listed in CISA’s Known Exploited Vulnerabilities catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- STOPzilla/STOPzilla AntiMalware
- Range: = 6.5.2.59
Patches
No patches discovered yet.
References
- www.greyhathacker.net (mitre, x_refsource_MISC)
- www.greyhathacker.net (mitre, x_refsource_MISC)