#VU67629 Out-of-bounds read in Deep Security


Published: 2022-09-26

Vulnerability identifier: #VU67629

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-40708

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Deep Security
Client/Desktop applications / Software for system administration

Vendor:

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the User Mode Hooking Monitor Engine. A local user can trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions


External links
http://www.zerodayinitiative.com/advisories/ZDI-22-1298/
http://success.trendmicro.com/dcx/s/solution/000291590?language=en_US

