Threat Intelligence / CVE / CVE-2017-16237

CVE-2017-16237

EPSS 0.2% · Published 2017-11-03

In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C.

Threats tracking this CVE

Lazarus RemotePE Memory-Only RAT — DPAPILoader + RemotePELoader Chain Targeting Financial & Cryptocurrency Firms — HIGH

References

http://www.securityfocus.com/bid/101851
https://www.exploit-db.com/exploits/43109/

Full detection coverage & IOCs for threats exploiting CVE-2017-16237 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence