Solutions

Advisory issued on 6th January, 2021

Administrator Jan-6th, 2021 9:06 0 0

Description

Multiple K7 Security Products incorrectly handled specially crafted input to internal communication channels that can potentially lead to denial of service, or local escalation of privileges.

CVE-2018-9332

CVE-2018-9333

CVE-2018-8724

CVE-2018-8725

CVE-2018-8726

CVE-2018-8044

CVE-2018-11005

CVE-2018-11006

CVE-2018-11007

CVE-2018-11008

CVE-2018-11009

CVE-2018-11010

CVE-2018-11246

List of affected products

K7 Consumer Products & K7 Endpoint Security Products

Fixed Versions

K7 Computing recommends that all customers update their products to the corresponding versions shown below:

  • K7 Ultimate Security (16.0.0001 or Higher)
  • K7 Total Security (16.0.0001 or Higher)
  • K7 Antivirus Premium (16.0.0001 or Higher)
  • K7 Enterprise Security (14.2.0001 or Higher)

Acknowledgments

We would like to express our gratitude to Paul Jeavons for reporting these vulnerabilities to us along with comprehensive PoC details

Vote

Was this article helpful?
0 out of 1 found this helpful

Leave a comment