7.8
HIGH
CVE-2017-6008
Sophos HitmanPro Kernel Pool Overflow
Description

A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.

INFO

Published Date :

Sept. 13, 2017, 8:29 a.m.

Last Modified :

Oct. 29, 2017, 1:29 a.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8
Public PoC/Exploit Available at Github

CVE-2017-6008 has a 14 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2017-6008 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Sophos hitmanpro
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2017-6008.

URL Resource
https://github.com/cbayet/Exploit-CVE-2017-6008 Exploit Third Party Advisory
https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/ Exploit Technical Description Third Party Advisory
https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7/ Exploit Technical Description Third Party Advisory
https://www.exploit-db.com/exploits/43057/
https://www.nuitduhack.com/fr/planning/talk_10 Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
ommadawn46/HEVD-BufferOverflowNonPagedPoolNx-Win10-22H2

HEVD Exploit: BufferOverflowNonPagedPoolNx on Windows 10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion

exploit hevd kernel windows

C C++

Updated: 2 months, 3 weeks ago
36 stars 7 fork 7 watcher
Born at : July 7, 2024, 5:41 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
lnick2023/nicenice

None

Updated: 1 year, 10 months ago
0 stars 0 fork 0 watcher
Born at : Jan. 11, 2023, 1:21 p.m. This repo has been linked 1042 different CVEs too.
Profile Photo
readloud/Awesome-Stars

A curated list of my GitHub stars! Generated by starred

Updated: 11 months, 1 week ago
1 stars 0 fork 0 watcher
Born at : Oct. 8, 2022, 12:38 p.m. This repo has been linked 62 different CVEs too.
Profile Photo
xbl2022/awesome-hacking-lists

None

Updated: 2 years, 6 months ago
0 stars 0 fork 0 watcher
Born at : April 30, 2022, 6:06 p.m. This repo has been linked 55 different CVEs too.
Profile Photo
cbwang505/poolfengshui

笔者的在原作者池风水利用工具(以下简称工具)基础上进行二次开发,新增了全自动获取内核调试模块符号的偏移量及配置参数和不同漏洞利用方式优化等功能, 解决了不同Windows版本适配问题,工具包括适配驱动和利用程序两部分组成,实现了在Windows 10 19H1之后任意版本包括满补丁系统上的稳定利用.

C C++ PowerShell

Updated: 2 months, 4 weeks ago
77 stars 28 fork 28 watcher
Born at : Dec. 30, 2021, 8:41 a.m. This repo has been linked 2 different CVEs too.
Profile Photo
pravinsrc/NOTES-windows-kernel-links

None

Updated: 3 months, 1 week ago
1 stars 1 fork 1 watcher
Born at : May 16, 2021, 3:25 p.m. This repo has been linked 27 different CVEs too.
Profile Photo
NetW0rK1le3r/awesome-hacking-lists

None

Updated: 2 months, 3 weeks ago
70 stars 21 fork 21 watcher
Born at : Jan. 11, 2021, 4:22 a.m. This repo has been linked 62 different CVEs too.
Profile Photo
taielab/awesome-hacking-lists

平常看到好的渗透hacking工具和多领域效率工具的集合

web hacking awesome-list hacker hacking-tool kali-scripts hacking-tools pentesting-tools pentest-scripts bounty-hunters bug-bounty bugbounty bugbounty-tool

Updated: 2 months, 2 weeks ago
985 stars 180 fork 180 watcher
Born at : June 12, 2020, 9:16 a.m. This repo has been linked 91 different CVEs too.
Profile Photo
xbl3/awesome-cve-poc_qazbnm456

None

Updated: 3 months, 1 week ago
13 stars 4 fork 4 watcher
Born at : May 25, 2020, 7:51 a.m. This repo has been linked 1027 different CVEs too.
Profile Photo
Ondrik8/exploit

None

Updated: 3 months, 1 week ago
110 stars 31 fork 31 watcher
Born at : Dec. 22, 2019, 11:49 a.m. This repo has been linked 33 different CVEs too.
Profile Photo
CrackerCat/Kernel-Security-Development

None

Updated: 1 year, 11 months ago
3 stars 0 fork 0 watcher
Born at : March 21, 2019, 6:24 a.m. This repo has been linked 14 different CVEs too.
Profile Photo
ExpLife0011/awesome-windows-kernel-security-development

windows kernel security development

rootkit bootkit antirootkit antivirus shellcode driver framework

Updated: 2 months, 2 weeks ago
1936 stars 492 fork 492 watcher
Born at : March 19, 2018, 2:16 a.m. This repo has been linked 27 different CVEs too.
Profile Photo
cbayet/Exploit-CVE-2017-6008

Exploits for CVE-2017-6008, a kernel pool buffer overflow leading to privilege escalation.

C++

Updated: 3 months, 1 week ago
115 stars 25 fork 25 watcher
Born at : May 30, 2017, 9:55 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
qazbnm456/awesome-cve-poc

✍️ A curated list of CVE PoCs.

awesome cve poc

Updated: 2 months, 2 weeks ago
3289 stars 678 fork 678 watcher
Born at : Feb. 2, 2017, 6:43 a.m. This repo has been linked 1042 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2017-6008 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2017-6008 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Oct. 29, 2017

    Action Type Old Value New Value
    Added Reference https://www.exploit-db.com/exploits/43057/ [No Types Assigned]
  • Initial Analysis by [email protected]

    Sep. 21, 2017

    Action Type Old Value New Value
    Added CVSS V2 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
    Added CVSS V3 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://www.nuitduhack.com/fr/planning/talk_10 No Types Assigned https://www.nuitduhack.com/fr/planning/talk_10 Third Party Advisory
    Changed Reference Type https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7/ No Types Assigned https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-7/ Exploit, Technical Description, Third Party Advisory
    Changed Reference Type https://github.com/cbayet/Exploit-CVE-2017-6008 No Types Assigned https://github.com/cbayet/Exploit-CVE-2017-6008 Exploit, Third Party Advisory
    Changed Reference Type https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/ No Types Assigned https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/ Exploit, Technical Description, Third Party Advisory
    Added CWE CWE-119
    Added CPE Configuration OR *cpe:2.3:a:sophos:hitmanpro:3.7.20:*:*:*:*:*:*:* (and previous)
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.08 }} 0.00%

score

0.30199

percentile

CVSS30 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: