Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-9643Anti-virus Plus vulnerability

CWE-2644 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.7%
top 27.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
K7computing Anti-virus PlusK7computing K7sentry.sysK7computing Total Security+1 more
Timeline
PublishedFeb 6
Latest updateMay 17

Description

K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages4 packages

NVDk7computing/k7sentry.sys12.8.0.117

🔴Vulnerability Details

2
GHSA
GHSA-h33w-46pj-6363: K7Sentry2022-05-17
CVEList
CVE-2014-9643: K7Sentry2015-02-06

💥Exploits & PoCs

1
Exploit-DB
K7 Computing (Multiple Products) - Arbitrary Write Privilege Escalation2015-02-04
CVE-2014-9643 — Anti-virus Plus vulnerability | cvebase