CVE-2014-5307
Severity Score
7.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call.
Desbordamiento de buffer basado en memoria dinámica en el controlador del modo de kernel PavTPK.sys de los productos Panda Security 2014 anterior a hft131306s24_r1 permite a usuarios locales ganar privilegios a través de un argumento manipulado en una llamada IOCTL 0x222008.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-08-16 CVE Reserved
- 2014-08-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/127948/Panda-Security-2014-Privilege-Escalation.html | X_refsource_misc |
|
| http://seclists.org/fulldisclosure/2014/Aug/53 | Mailing List |
|
| http://www.securityfocus.com/archive/1/533182/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/69293 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95382 | Vdb Entry | |
| https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5307 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Pandasecurity Search vendor "Pandasecurity" | Panda Av Pro 2014 Search vendor "Pandasecurity" for product "Panda Av Pro 2014" | 13.01.01 Search vendor "Pandasecurity" for product "Panda Av Pro 2014" and version "13.01.01" | - |
Affected
| ||||||
| Pandasecurity Search vendor "Pandasecurity" | Panda Global Protection 2014 Search vendor "Pandasecurity" for product "Panda Global Protection 2014" | 7.01.01 Search vendor "Pandasecurity" for product "Panda Global Protection 2014" and version "7.01.01" | - |
Affected
| ||||||
| Pandasecurity Search vendor "Pandasecurity" | Panda Internet Security 2014 Search vendor "Pandasecurity" for product "Panda Internet Security 2014" | 19.01.01 Search vendor "Pandasecurity" for product "Panda Internet Security 2014" and version "19.01.01" | - |
Affected
| ||||||