Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sophos Tester Tool 安全漏洞
Vulnerability Description
Sophos Tester Tool是英国Sophos公司的一款渗透测试工具。 Sophos Tester Tool 3.2.0.7 Beta版本中存在安全漏洞,该漏洞源于程序没有检测DLL。攻击者可利用该漏洞造成拒绝服务,执行恶意的代码。
CVSS Information
N/A
Vulnerability Type
N/A