As any other software, the SafeíNíSec Corporation products can have software bugs. Some of them can be exploited by an attacker to perform unauthorized actions within a computer system. Such bugs are known as software vulnerabilities.
||Are there known exploits or incidents?
||Affected components and products
||What to do?
|Due to a bug (improper restriction of write operations within the bounds of a memory
buffer) in DLL-controlling code in the driver snscore.sys, it is possible to a local user to write data in kernel-mode memory. It can cause a BSOD (reproduces in our lab) or arbitrary modification of kernel-mode code or data (not reproduced in our lab but is theoretically possible). To exploit this vulnerability the attacker can create a special DLL and load it into a user-mode process.
||SoftControl/SafenSoft SysWatch before 4.4.1, SoftControl/SafenSoft TPSecure before 4.4.1, SoftControl/SafenSoft Enterprise Suite before 4.4.1
||Update your product to version 4.4.X or above
* Internal code of SafeíNíSec Corporation (prefix SNSVE) and/or code in public base of vulnerabilities on cve.mitre.org (prefix CVE).
Print this page