Description
Multiple K7 Security Products incorrectly handled specially crafted input to internal communication channels, which can potentially lead to denial of service or local escalation of privileges.
- CVE-2018-9332
- CVE-2018-9333
- CVE-2018-8724
- CVE-2018-8725
- CVE-2018-8726
- CVE-2018-8044
- CVE-2018-11005
- CVE-2018-11006
- CVE-2018-11007
- CVE-2018-11008
- CVE-2018-11009
- CVE-2018-11010
- CVE-2018-11246
List of affected products
K7 Consumer Products & K7 Endpoint Security Products
Fixed Versions
K7 Computing recommends that all customers update their products to the corresponding versions shown below:
- K7 Ultimate Security (16.0.0001 or Higher)
- K7 Total Security (16.0.0001 or Higher)
- K7 Antivirus Premium (16.0.0001 or Higher)
- K7 Enterprise Security (14.2.0001 or Higher)
Acknowledgments
We would like to express our gratitude to Paul Jeavons for reporting these vulnerabilities to us along with comprehensive PoC details.