Vulnerability found in Sophos anti-malware product

News by Robert Abel

Cisco Talos researchers identified a memory disclosure flaw and a code execution vulnerability in the malware detection and protection tool Sophos HitmanPro.Alert.

Cisco Talos researchers identified a memory disclosure flaw and a code execution vulnerability in the malware detection and protection tool Sophos HitmanPro.Alert.

Both vulnerabilities are in the input/output control (IOCTL) message handler with one of the bugs allowing an attacker to read kernel memory contents, while the other glitch allows code execution and privilege escalation, according to a 25 October security advisory.  

One of the flaws is an exploitable memory disclosure that can be exploited by a specially crafted IOCTL request sent by any user on the system to the hmpalert device and results in the contents from the privileged kernel memory returning to the user. 

The second flaw also exists in the IOCTL-handler function of the product and similar to the other vulnerability a specially crafted IOCTL request to the hmpalert device will allow the attacker to write to memory, resulting in remote code execution and privilege escalation.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events