Vulnerability Details CVE-2018-6525
In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.1
References
- http://inca.co.kr/include_file/pdf_down/nProtect%20AVS%20V4%20Vulnerability%20Response%20Release%20Notes.pdf
- https://github.com/ZhiyuanWang-Chengdu-Qihoo360/nProtectAntivirus_POC/tree/master/TKFsAv_0x220458
- http://inca.co.kr/include_file/pdf_down/nProtect%20AVS%20V4%20Vulnerability%20Response%20Release%20Notes.pdf
- https://github.com/ZhiyuanWang-Chengdu-Qihoo360/nProtectAntivirus_POC/tree/master/TKFsAv_0x220458
Products affected by CVE-2018-6525
-
cpe:2.3:a:inca:nprotect_avs:4.0
-
cpe:2.3:a:inca:nprotect_avs:4.0.0.38