This vulnerability allows local attackers to escalate privileges on vulnerable installations of Sophos SafeGuard Enterprise. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of crafted IOCTL by the lcencvm.sys kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an arbitrary write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. This module will elevate the privileges of the current agent instead of installing a new one.
CVE Link
Exploit Platform
Exploit Type
Product Name