CVE-2017-6008
Description
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
HitmanPro 3.7.15 Build 281 - Kernel Pool Overflow
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| sophos | hitmanpro | up to and including 3.7.20 | |
References
- https://github.com/cbayet/Exploit-CVE-2017-6008
- https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/
- https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7/
- https://www.exploit-db.com/exploits/43057/
- https://www.nuitduhack.com/fr/planning/talk_10
CWEs
CWE-119