CVE-2018-3971 is a vulnerability in Sophos Hitmanpro Alert
Published on October 25, 2018
An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can send IRP request to trigger this vulnerability.
Products Associated with CVE-2018-3971
Want to know whenever a new CVE is published for Sophos Hitmanpro Alert? stack.watch will email you.
Affected Versions
Talos Sophos Version Sophos HitmanPro.Alert - hmpalert.sys 3.7.6.744 - Windows 7 x86 is affected by CVE-2018-3971Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.