Vulnerability Description
K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| K7Computing | K7Sentry.Sys | <= 12.8.0.117 |
| K7Computing | Anti-Virus Plus | <= 14.2.0.252 |
| K7Computing | Total Security | <= 14.2.0.252 |
| K7Computing | Ultimate Security | <= 14.2.0.252 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-EsExploit
- http://www.exploit-db.com/exploits/35992Exploit
- http://www.greyhathacker.net/?p=818Exploit
- http://www.osvdb.org/113007
- http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-EsExploit
- http://www.exploit-db.com/exploits/35992Exploit
- http://www.greyhathacker.net/?p=818Exploit
- http://www.osvdb.org/113007
FAQ
What is CVE-2014-9643?
CVE-2014-9643 is a vulnerability with a CVSS score of 7.2 (HIGH). K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a...
How severe is CVE-2014-9643?
CVE-2014-9643 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9643?
Check the references section above for vendor advisories and patch information. Affected products include: K7Computing K7Sentry.Sys, K7Computing Anti-Virus Plus, K7Computing Total Security, K7Computing Ultimate Security.