Local Privilege Escalation in K7 Antivirus Premium by K7 Computing
CVE-2017-16557

7HIGH

Key Information:

Vendor: K7computing
Status: Antivirus; Internet Security; Ultimate Security; Endpoint
Vendor: CVE Published:; 16 January 2018

🔔 Create K7computing Vulnerability Alert

What is CVE-2017-16557?

K7 Antivirus Premium prior to version 15.1.0.53 contains a vulnerability that allows local users to escalate their privileges. By manipulating system memory and sending a specific IOCTL command, unauthorized users can exploit this weakness to gain elevated access rights on the system. This significant flaw poses a risk to operational security and may allow attackers to execute arbitrary commands with higher privileges.

References

https://support.k7computing.com/index.php?/selfhelp/view-...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2018
Vulnerability Reserved
Nov 6, 2017