CVE-2017-6008 : Security Advisory and Response

Learn about CVE-2017-6008, a vulnerability in Sophos SurfRight HitmanPro driver hitmanpro37.sys before 3.7.20 Build 286, allowing local users to escalate privileges via a malformed IOCTL call. Find mitigation steps and prevention measures here.

Sophos SurfRight HitmanPro driver hitmanpro37.sys before version 3.7.20 Build 286 is vulnerable to a kernel pool overflow, allowing local users to gain elevated privileges through a malformed IOCTL call.

Understanding CVE-2017-6008

This CVE describes a vulnerability in the HitmanPro driver that could be exploited by local users to escalate privileges.

What is CVE-2017-6008?

The driver hitmanpro37.sys in Sophos SurfRight HitmanPro versions before 3.7.20 Build 286 is susceptible to a kernel pool overflow, enabling local users to elevate their privileges via a malformed IOCTL call.

The Impact of CVE-2017-6008

This vulnerability could be exploited by local users to gain elevated privileges on the affected systems.

Technical Details of CVE-2017-6008

The technical aspects of the CVE-2017-6008 vulnerability are as follows:

Vulnerability Description

A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 allows local users to escalate privileges through a malformed IOCTL call.

Affected Systems and Versions

        Product: Sophos SurfRight HitmanPro
        Versions affected: Before 3.7.20 Build 286

Exploitation Mechanism

The vulnerability can be exploited by local users through a malformed IOCTL call to gain elevated privileges.

Mitigation and Prevention

Steps to mitigate and prevent exploitation of CVE-2017-6008:

Immediate Steps to Take

        Update HitmanPro to version 3.7.20 Build 286 or later.
        Monitor system logs for any suspicious IOCTL calls.

Long-Term Security Practices

        Regularly update and patch all software and drivers.
        Implement the principle of least privilege to restrict user permissions.

Patching and Updates

        Apply security patches and updates provided by Sophos to address the vulnerability.
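
To confirm the update has actually landed across a fleet, the following added example (not code from Sophos or from this advisory) classifies reported HitmanPro version strings against the fixed release, 3.7.20 Build 286. It assumes the inventory reports versions in the "major.minor.patch Build N" form used above or as a dotted four-part string; the hostnames and sample versions are constructed.

```python
import re

# Fixed release named in the advisory: 3.7.20 Build 286.
FIXED = (3, 7, 20, 286)

# Assumed formats: "3.7.20 Build 286" (as the advisory writes it) or "3.7.20.286".
_FULL_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s+Build\s+|\.)(\d+)\s*$", re.IGNORECASE)
_NO_BUILD_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")

def parse_version(text):
    """Return (major, minor, patch, build); build is None when not reported."""
    m = _FULL_RE.match(text)
    if m:
        return tuple(int(g) for g in m.groups())
    m = _NO_BUILD_RE.match(text)
    if m:
        return tuple(int(g) for g in m.groups()) + (None,)
    raise ValueError(f"unrecognised version string: {text!r}")

def classify(text):
    """Return 'vulnerable', 'fixed' or 'unknown' for one reported version."""
    try:
        major, minor, patch, build = parse_version(text)
    except ValueError:
        return "unknown"
    base = (major, minor, patch)
    if base != FIXED[:3]:
        # Numeric tuple comparison, so 3.7.9 sorts before 3.7.20.
        return "vulnerable" if base < FIXED[:3] else "fixed"
    if build is None:
        return "unknown"  # 3.7.20 without a build number cannot be decided
    return "vulnerable" if build < FIXED[3] else "fixed"

def triage(inventory):
    """Map hostname -> status for an iterable of (hostname, version) pairs."""
    return {host: classify(version) for host, version in inventory}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "3.7.15 Build 281"),
    ("ws-02", "3.7.20 Build 285"),
    ("ws-03", "3.7.20 Build 286"),
    ("ws-04", "3.7.20"),
    ("ws-05", "3.8.0 Build 292"),
    ("ws-06", "not installed"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check, since a bare 3.7.20 could be on either side of Build 286.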
