NULL Pointer Dereference Vulnerability in Kingsoft Internet Security Product
CVE-2018-9151

5.5MEDIUM

Key Information:

Vendor: Kingsoft
Status: Internet Security 9 Plus
Vendor: CVE Published:; 30 March 2018

What is CVE-2018-9151?

A NULL pointer dereference vulnerability in the KWatch3.sys kernel driver of Kingsoft Internet Security 9+ allows local non-privileged users to cause a system crash by exploiting the IOCTL 0x80030030 command. This flaw can lead to significant disruptions, making it crucial for users and administrators to apply necessary patches to safeguard their systems.

References

http://seclists.org/fulldisclosure/2018/Mar/78

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2018
Vulnerability Reserved
Mar 30, 2018