CVE-2018-5718 - OpenCVE

Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a denial of service (BSOD) or modify kernel-mode memory via loading of a forged DLL into an user-mode process.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:P/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Safensoft	Softcontrol Enterprise Suite Softcontrol Syswatch Softcontrol Tpsecure

Configuration 1 [-]

OR	cpe:2.3:a:safensoft:softcontrol_enterprise_suite::::::::
	cpe:2.3:a:safensoft:softcontrol_syswatch::::::::
	cpe:2.3:a:safensoft:softcontrol_tpsecure::::::::

No data.

References

Link	Providers
http://www.safensoft.com/security.phtml?c=865

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-06-12T16:00:00

Updated: 2024-08-05T05:40:51.265Z

Reserved: 2018-01-16T00:00:00

Link: CVE-2018-5718

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-06-12T16:29:00.327

Modified: 2018-08-14T16:50:44.247

Link: CVE-2018-5718

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-06-06T00:00:00", "descriptions": [{"lang": "en", "value": "Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a denial of service (BSOD) or modify kernel-mode memory via loading of a forged DLL into an user-mode process."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-12T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.safensoft.com/security.phtml?c=865"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5718", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a denial of service (BSOD) or modify kernel-mode memory via loading of a forged DLL into an user-mode process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.safensoft.com/security.phtml?c=865", "refsource": "CONFIRM", "url": "http://www.safensoft.com/security.phtml?c=865"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:40:51.265Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.safensoft.com/security.phtml?c=865"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-5718", "datePublished": "2018-06-12T16:00:00", "dateReserved": "2018-01-16T00:00:00", "dateUpdated": "2024-08-05T05:40:51.265Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:safensoft:softcontrol_enterprise_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "D85B69C0-7CFC-4F37-937C-7D2DFCE4FC58", "versionEndExcluding": "4.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:safensoft:softcontrol_syswatch:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A3034D7-A6E4-4E4B-9D0E-462D022AAB3E", "versionEndExcluding": "4.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:safensoft:softcontrol_tpsecure:*:*:*:*:*:*:*:*", "matchCriteriaId": "26A575BB-925A-4EF4-8BAE-561B98ECBF30", "versionEndExcluding": "4.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a denial of service (BSOD) or modify kernel-mode memory via loading of a forged DLL into an user-mode process."}, {"lang": "es", "value": "Una restricci\u00f3n incorrecta de operaciones de escritura en los l\u00edmites del b\u00fafer de memoria en snscore.sys en SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure y SoftControl/SafenSoft Enterprise Suite en versiones anteriores a la 4.4.1 permite que usuarios locales provoquen una denegaci\u00f3n de servicio (BSOD) o modifiquen la memoria del modo kernel mediante la carga de un DLL falsificado en un proceso del modo de usuario."}], "id": "CVE-2018-5718", "lastModified": "2018-08-14T16:50:44.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-12T16:29:00.327", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.safensoft.com/security.phtml?c=865"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}