Vulnerability Description
The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avg | Protection | >= 2015, <= 2015.5314 |
| Avg | Internet Security | >= 2013, < 2013.3495 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/130248/AVG-Internet-Security-2015.0.5315-PrExploitThird Party Advisory
- http://www.avg.com/eu-en/avg-release-notesVendor Advisory
- http://www.exploit-db.com/exploits/35993ExploitThird Party Advisory
- http://www.greyhathacker.net/?p=818Third Party Advisory
- http://www.osvdb.org/113824Broken Link
- http://packetstormsecurity.com/files/130248/AVG-Internet-Security-2015.0.5315-PrExploitThird Party Advisory
- http://www.avg.com/eu-en/avg-release-notesVendor Advisory
- http://www.exploit-db.com/exploits/35993ExploitThird Party Advisory
- http://www.greyhathacker.net/?p=818Third Party Advisory
- http://www.osvdb.org/113824Broken Link
FAQ
What is CVE-2014-9632?
CVE-2014-9632 is a vulnerability with a CVSS score of 7.2 (HIGH). The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations,...
How severe is CVE-2014-9632?
CVE-2014-9632 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9632?
Check the references section above for vendor advisories and patch information. Affected products include: Avg Protection, Avg Internet Security.