CVE-2018-6318 Information

Description

In Sophos Tester Tool 3.2.0.7 Beta, the driver loads the DLL (in the context of the application used to test an exploit or ransomware) using a payload that runs from NTDLL.DLL (so it runs in userland), but the driver doesn't perform any validation of this DLL (neither its signature nor its hash, etc.). A person can replace this DLL, locally or over a remote connection, with a malicious DLL of the same name, and when the product is used this malicious DLL will be loaded, aka a DLL Hijacking attack.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://29wspy.ru/exploits/CVE-2018-6318.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.8

Base Severity

HIGH
