CVE-2014-8956
Severity Score
7.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors.
Desbordamiento de buffer basado en pila en el controlador del modo de kernel K7Sentry.sys (también conocido como K7AV Sentry Device Driver) anterior a 12.8.0.119, utilizado en múltiples productos de K7 Computing, permite a usuarios locales ejecutar código arbitrario con privilegios de kernel a través de vectores no especificados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-11-18 CVE Reserved
- 2014-12-10 CVE Published
- 2024-02-26 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| K7computing Search vendor "K7computing" | K7av Sentry Device Driver Search vendor "K7computing" for product "K7av Sentry Device Driver" | <= 12.8.0.118 Search vendor "K7computing" for product "K7av Sentry Device Driver" and version " <= 12.8.0.118" | - |
Affected
| ||||||