CVE-2014-9643
K7 Computing (Multiple Products) - Arbitrary Write Privilege Escalation
Severity Score
7.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call.
K7Sentry.sys en K7 Computing Ultimate Security, Anti-Virus Plus, y Total Security anterior a 14.2.0.253 permite a usuarios locales escribir a localizaciones de memoria arbitrarias, y como consecuencia ganar privilegios, a través de una llamada IOCTL 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, o 0x950025c8 manipulada.
Multiple products from K7 Computing suffer from an arbitrary write privilege escalation vulnerability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-01-22 CVE Reserved
- 2015-02-04 First Exploit
- 2015-02-05 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.osvdb.org/113007 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/35992 | 2015-02-04 | |
| http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.html | 2024-08-06 | |
| http://www.exploit-db.com/exploits/35992 | 2024-08-06 | |
| http://www.greyhathacker.net/?p=818 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| K7computing Search vendor "K7computing" | K7sentry.sys Search vendor "K7computing" for product "K7sentry.sys" | <= 12.8.0.117 Search vendor "K7computing" for product "K7sentry.sys" and version " <= 12.8.0.117" | - |
Affected
| in | K7computing Search vendor "K7computing" | Anti-virus Plus Search vendor "K7computing" for product "Anti-virus Plus" | <= 14.2.0.252 Search vendor "K7computing" for product "Anti-virus Plus" and version " <= 14.2.0.252" | - |
Affected
|
| K7computing Search vendor "K7computing" | K7sentry.sys Search vendor "K7computing" for product "K7sentry.sys" | <= 12.8.0.117 Search vendor "K7computing" for product "K7sentry.sys" and version " <= 12.8.0.117" | - |
Affected
| in | K7computing Search vendor "K7computing" | Total Security Search vendor "K7computing" for product "Total Security" | <= 14.2.0.252 Search vendor "K7computing" for product "Total Security" and version " <= 14.2.0.252" | - |
Affected
|
| K7computing Search vendor "K7computing" | K7sentry.sys Search vendor "K7computing" for product "K7sentry.sys" | <= 12.8.0.117 Search vendor "K7computing" for product "K7sentry.sys" and version " <= 12.8.0.117" | - |
Affected
| in | K7computing Search vendor "K7computing" | Ultimate Security Search vendor "K7computing" for product "Ultimate Security" | <= 14.2.0.252 Search vendor "K7computing" for product "Ultimate Security" and version " <= 14.2.0.252" | - |
Affected
|