CVE-2018-3971

CRITICAL Year: 2018
CVSS v3 Score
9.3
Critical
CVSS v2 Score
7.2
High
Weakness Type
CWE-123
View all →

Vulnerability Description

An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can send IRP request to trigger this vulnerability.

Related Vulnerabilities

CVE-2022-1523

CRITICAL
CVSS:9.1(Critical)

Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a write-what-where condition, which could allow an attacker to overwrite program memory to manipulate the flow of information.

CWE-1232022

CVE-2014-5435

CRITICAL
CVSS:9.8(Critical)

An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote...

CWE-1232014

CVE-2015-8271

CRITICAL
CVSS:9.8(Critical)

The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code.

CWE-1232015

CVE-2020-2001

CRITICAL
CVSS:9.8(Critical)

An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interfac...

CWE-1232020

CVE-2021-38441

CRITICAL
CVSS:9.8(Critical)

Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.

CWE-1232021

CVE-2021-38449

CRITICAL
CVSS:9.8(Critical)

Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker could rewrite the memory in any location of the affected produc...

CWE-1232021