Cisco Blogs

Talos Vulnerability Deep Dive – TALOS-2018-0636 / CVE-2018-3971 Sophos HitmanPro.Alert vulnerability


November 1, 2018

Overview

Sophos patched two vulnerabilities in Sophos HitmanPro.Alert on Thursday. We publicly disclosed these issues last week here. In this post, Cisco Talos walks through the process of developing an exploit for one of these bugs, taking a deep dive into TALOS-2018-0636/CVE-2018-3971 to show the exploitation process.

Sophos HitmanPro.Alert is a threat-protection solution based on heuristic algorithms that detect and block malicious activity. Some of these algorithms need kernel-level access to gather the information they require. Sophos implemented the software's core functionality in the `hmpalert.sys` kernel driver. This blog shows how an attacker could leverage TALOS-2018-0636 to build a stable exploit that gains SYSTEM rights on the local machine.
