Toll Free | India: 1800 419 0077
Advisory issued on 6th November, 2017
Administrator
Jul-9th, 2018 5:34

Description

K7 Security Products before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.


CVE-2017-16549

CVE-2017-16550

CVE-2017-16552

CVE-2017-16554


List of affected products

K7 Consumer Products & K7 Endpoint Security Products

Fixed Versions

K7 Computing recommends that all customers upgrade to below specified version: K7 AntiVirus Plus (15.1.0308), K7Anti Virus - Premium(15.1.0314), K7 Internet Security (15.1.0297), K7 Ultimate Security (15.1.0324), K7 Total Security (15.1.0324), K7Total Security Plus - (16.0.0131) & K7Endpoint-14.2.0137

Acknowledgments

We would like to extend our thanks to Paul Jeavons for reporting these bugs to K7 Computing Private Ltd.