Known vulnerabilities

Like any other software, the Safe'n'Sec Corporation products can have software bugs. Some of them can be exploited by an attacker to perform unauthorized actions within a computer system. Such bugs are known as software vulnerabilities.


Code*: SNSVE-2018-1, CVE-2018-5718
Description: Due to a bug (improper restriction of write operations within the bounds of a memory buffer) in the DLL-controlling code of the driver snscore.sys, a local user can write data to kernel-mode memory. This can cause a BSOD (reproduced in our lab) or arbitrary modification of kernel-mode code or data (not reproduced in our lab, but theoretically possible). To exploit this vulnerability, the attacker can create a special DLL and load it into a user-mode process.
Are there known exploits or incidents? No
Affected components and products: SoftControl/SafenSoft SysWatch before 4.4.1, SoftControl/SafenSoft TPSecure before 4.4.1, SoftControl/SafenSoft Enterprise Suite before 4.4.1
What to do? Update your product to version 4.4.1 or above.
Reporter / Credits: Dmitry Turchenkov, Digital Security

Code*: SNSVE-2018-2, CVE-2018-13014
Description: The SysWatch component uses a password to restrict access to the configuration settings. Due to a design flaw, the stored password is recoverable from the configuration database. The configuration database has an access restriction, but this restriction can be overcome. This allows a local attacker to recover the password and access the configuration settings of SysWatch (e.g. completely switch off the protection on the local computer).
Are there known exploits or incidents? No
Affected components and products: SoftControl/SafenSoft SysWatch before 4.4.2, SoftControl/SafenSoft TPSecure before 4.4.2, SoftControl/SafenSoft Enterprise Suite before 4.4.2
What to do? Update your product to version 4.4.2 or above. If you manage your SysWatch clients using Service Center, you must update all SysWatch clients to switch the Service Center to the new password management mode.
Reporter / Credits: Artem Ivachev, Positive Research Center (Positive Technologies Company)

Code*: SNSVE-2018-3, CVE-2018-13013
Description: The SysWatch component does not allow installation of MSI files that are not signed by one of a limited list of certificates. Due to an improper check of the launch of msiexec.exe, a local attacker can create a configuration in which SysWatch does not check the signatures of MSI files, making it possible to install an arbitrary MSI file and execute unauthorized code.
Are there known exploits or incidents? No
Affected components and products: SoftControl/SafenSoft SysWatch before 4.4.9, SoftControl/SafenSoft TPSecure before 4.4.9, SoftControl/SafenSoft Enterprise Suite before 4.4.9
What to do? Update your product to version 4.4.9 or above.
Reporter / Credits: Artem Ivachev, Positive Research Center (Positive Technologies Company)

Code*: SNSVE-2018-4
Description: SoftControl products have an update server. The updates of each version consist of a configuration file, lastversion.xml, and a set of update files. Because the file lastversion.xml has no integrity check, an attacker can perform a man-in-the-middle attack and replace the files of an update. This can lead to execution of unauthorized code with system privileges.
Are there known exploits or incidents? No
Affected components and products: SoftControl/SafenSoft SysWatch before 4.3.10, SoftControl/SafenSoft TPSecure before 4.3.10, SoftControl/SafenSoft Enterprise Suite before 4.3.10
What to do? Update your product to version 4.3.10 or above.
Reporter / Credits: Artem Ivachev, Positive Research Center (Positive Technologies Company)

Code*: SNSVE-2018-5, CVE-2018-13012
Description: SoftControl products have an update server. The updates of each version consist of a configuration file, lastversion42.xml, and a set of update files. Due to a flaw in the integrity check of the file lastversion42.xml, an attacker can perform a man-in-the-middle attack and replace the files of an update. This can lead to execution of unauthorized code with system privileges.
Are there known exploits or incidents? No
Affected components and products: SoftControl/SafenSoft SysWatch before 4.4.12, SoftControl/SafenSoft TPSecure before 4.4.12, SoftControl/SafenSoft Enterprise Suite before 4.4.12
What to do? Update your product to version 4.4.12 or above.
Reporter / Credits: Artem Ivachev, Positive Research Center (Positive Technologies Company)

Code*: SNSVE-2018-6
Description: Because they use old versions of some third-party components with known vulnerabilities (Boost 1.52, Avira 8.3.36.44, OpenSSL 1.0.1c, SQLite 3.7.13), SoftControl/SafenSoft products are also vulnerable to a number of attacks. See the CVE database for details of the known vulnerabilities in those components.
Are there known exploits or incidents? No
Affected components and products: SoftControl/SafenSoft SysWatch before 4.4.5, SoftControl/SafenSoft TPSecure before 4.4.5, SoftControl/SafenSoft Enterprise Suite before 4.4.5
What to do? Update your product to version 4.4.5 or above.
Reporter / Credits: Internal research team

* Internal code of Safe'n'Sec Corporation (prefix SNSVE) and/or code in the public vulnerability database at cve.mitre.org (prefix CVE).
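SNSVE-2018-4 and SNSVE-2018-5 both come down to an update client trusting a manifest it cannot authenticate. The Go sketch below is an added example, not the vendor's code or its fix: it shows the two checks a client needs, a signature over the manifest verified with a key pinned in the client, then a digest check of every downloaded file. The manifest layout, the choice of Ed25519 and all names are assumptions, since the page does not describe the real lastversion.xml format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/xml"
	"fmt"
)

// Manifest is a hypothetical layout; the page does not give the real schema.
type Manifest struct {
	Files []struct {
		Name   string `xml:"name,attr"`
		SHA256 string `xml:"sha256,attr"` // lowercase hex digest of the file
	} `xml:"file"`
}

// VerifyUpdate authenticates the manifest with a key pinned in the client, then checks each file.
func VerifyUpdate(pinned ed25519.PublicKey, manifest, sig []byte, files map[string][]byte) error {
	if !ed25519.Verify(pinned, manifest, sig) {
		return fmt.Errorf("manifest signature invalid")
	}
	var m Manifest
	if err := xml.Unmarshal(manifest, &m); err != nil {
		return fmt.Errorf("manifest parse: %w", err)
	}
	if len(m.Files) == 0 || len(m.Files) != len(files) {
		return fmt.Errorf("downloaded file set does not match manifest")
	}
	for _, f := range m.Files {
		data, ok := files[f.Name]
		if sum := sha256.Sum256(data); !ok || fmt.Sprintf("%x", sum) != f.SHA256 {
			return fmt.Errorf("missing file or digest mismatch: %q", f.Name)
		}
	}
	return nil
}

// Sample builds a constructed key pair, signed manifest and file set for the demo.
func Sample() (ed25519.PublicKey, []byte, []byte, map[string][]byte) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	files := map[string][]byte{"core.bin": []byte("constructed update payload")}
	m := fmt.Sprintf(`<update><file name="core.bin" sha256="%x"/></update>`, sha256.Sum256(files["core.bin"]))
	return pub, []byte(m), ed25519.Sign(priv, []byte(m)), files
}
func main() {
	pub, manifest, sig, files := Sample()
	fmt.Println("untampered:", VerifyUpdate(pub, manifest, sig, files))
}
```

The signature is checked before the XML is parsed, so unauthenticated bytes never reach the parser, and a file the manifest does not list is rejected rather than ignored.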



2009-2018, Safe'n'Sec Corporation.