DESlock+ < 3.2.7 Multiple Local Vulnerabilities
High Nessus Plugin ID 31130
SynopsisThe remote Windows host contains a program that is affected by multiple vulnerabilities.
DescriptionDESlock+ is installed on the remote host. It is used for encrypting files, folders, and emails on Windows machines.
The version of DESlock+ installed on the remote host reportedly contains several buffer overflows in its 'DLMFDISK.sys' and 'DLMFENC.sys' kernel drivers. Using specially crafted arguments to associated IOCTL handlers, a local user may be able to leverage these issues to crash the affected system or to execute arbitrary code with kernel privileges.
SolutionUpgrade to DESlock+ version 3.2.7 or later.