// For flags

CVE-2014-7136

 

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call.

Desbordamiento de buffer basado en memoria dinámica en el controlador del modo de kernel K7FWFilt.sys (también conocido como K7Firewall Packet Driver) anterior a 14.0.1.16, utilizado en múltiples productos de K7 Computing, permite a usuarios locales ejecutar código arbitrario con privilegios de kernel a través de un parámetro manipulado en una llamada API DeviceIoControl.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-09-21 CVE Reserved
  • 2014-12-10 CVE Published
  • 2024-02-26 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
K7computing
Search vendor "K7computing"
 K7firewall Packet Driver
Search vendor "K7computing" for product "K7firewall Packet Driver"
 <= 14.0.1.15
Search vendor "K7computing" for product "K7firewall Packet Driver" and version " <= 14.0.1.15"
-
Affected