CVE-2014-9643
published 2015-02-06CVE-2014-9643: K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory…
PriorityP338high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.05%
59.9th percentile
K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| k7computing | anti-virus_plus | <= 14.2.0.252 | — |
| k7computing | k7sentry.sys | <= 12.8.0.117 | — |
| k7computing | total_security | <= 14.2.0.252 | — |
| k7computing | ultimate_security | <= 14.2.0.252 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.htmlhttp://www.exploit-db.com/exploits/35992http://www.greyhathacker.net/?p=818http://www.osvdb.org/113007http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.htmlhttp://www.exploit-db.com/exploits/35992http://www.greyhathacker.net/?p=818http://www.osvdb.org/113007
2015-02-06
Published