Denial of Service Vulnerability in K7 Antivirus by K7 Computing
CVE-2018-5220

7.8HIGH

Key Information:

Vendor: K7computing
Status: Antivirus
Vendor: CVE Published:; 4 January 2018

🔔 Create K7computing Vulnerability Alert

What is CVE-2018-5220?

In K7 Antivirus version 15.1.0306, the K7Sentry.sys driver does not properly validate input values from IOCtl 0x95002610. This oversight can allow local users to trigger a denial of service condition, potentially leading to a Blue Screen of Death (BSOD) or other unspecified impacts. Because of this vulnerability, unauthorized users could exploit the system’s response to manipulated input, thereby compromising system stability.

References

https://github.com/rubyfly/K7AntiVirus_POC/tree/master/1_...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 4, 2018