Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9643

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2014-9643
Last Modified 09 Feb 2015 11:09:53
Published 06 Feb 2015 10:59:11
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2014-9643

Summary

K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call.

Vulnerable Systems

Application

  • K7computing Anti-virus Plus 14.2.0.252

  • K7computing K7sentry.sys 12.8.0.117

  • K7computing Total Security 14.2.0.252

  • K7computing Ultimate Security 14.2.0.252


References

OSVDB - 113007

MISC - http://www.greyhathacker.net/?p=818

EXPLOIT-DB - 35992

MISC - http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.html


Last Updated: 27 May 2016 11:07:43