CVE-2018-15737

Vulnerability

The kernel driver szkg64.sys in STOPzilla AntiMalware version 6.5.2.59 does not validate the output buffer address value for the IOCTL 0x80002043. This vulnerability is classified as a Denial of Service (DoS) and is one of several similar issues discovered in the driver [2]. The affected component is the driver's handling of device I/O control requests, where an attacker-controlled output buffer pointer is used without proper validation.

Exploitation

An attacker with local user access can exploit this vulnerability by opening a handle to the device exposed by szkg64.sys and sending a crafted IOCTL with code 0x80002043 while providing an invalid output buffer address. This causes the driver to attempt to write to an arbitrary memory location, leading to a system crash (BSOD). No authentication or special privileges are required beyond the ability to interact with the driver from user mode [2].

Impact

Successful exploitation results in a denial of service, crashing the Windows system via a bugcheck (blue screen). The vulnerability does not allow privilege escalation or arbitrary code execution; the primary impact is system instability and availability loss [2].

Mitigation

As of the publication date, no official patch has been released by STOPzilla. The vendor was reportedly unresponsive during disclosure [2]. Users are advised to update the software if a fix becomes available, or consider uninstalling STOPzilla AntiMalware until a patch is provided. No workarounds are documented in the available references.