Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-9632Internet Security vulnerability

CWE-2644 documents4 sources
Severity
7.2HIGHNVD
EPSS
1.8%
top 17.12%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
AVG Internet SecurityAVG Protection
Timeline
PublishedFeb 6
Latest updateMay 14

Description

The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

NVDavg/internet_security20132013.3495+1
NVDavg/protection20152015.5314

🔴Vulnerability Details

2
GHSA
GHSA-7vj3-fhg7-94xg: The TDI driver (avgtdix2022-05-14
CVEList
CVE-2014-9632: The TDI driver (avgtdix2015-02-06

💥Exploits & PoCs

1
Exploit-DB
AVG Internet Security 2015.0.5315 - Arbitrary Write Privilege Escalation2015-02-04
CVE-2014-9632 — AVG Internet Security vulnerability | cvebase