VYPR

Hitmanpro

by Sophos

CVEs (8)

  • CVE-2017-6008HigSep 13, 2017
    risk 0.54cvss 7.8epss 0.02

    A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.

  • CVE-2017-7441HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.00

    In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some…

  • CVE-2017-6007MedSep 13, 2017
    risk 0.36cvss 5.5epss 0.00

    A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call.

  • CVE-2021-25271Oct 7, 2021
    risk 0.00cvss epss 0.00

    A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.

  • CVE-2021-25270Oct 7, 2021
    risk 0.00cvss epss 0.00

    A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.

  • CVE-2020-9540Mar 1, 2020
    risk 0.00cvss epss 0.00

    Sophos HitmanPro.Alert before build 861 allows local elevation of privilege.

  • CVE-2018-3970Oct 25, 2018
    risk 0.00cvss epss 0.00

    An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send…

  • CVE-2018-3971Oct 25, 2018
    risk 0.00cvss epss 0.01

    An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An…