Lucene search

[email protected]CVE-2014-8956

HistoryDec 12, 2014 - 3:59 p.m.

CVE-2014-8956

2014-12-1215:59:13

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-8956

buffer overflow

k7sentry.sys

kernel mode driver

k7av sentry device driver

k7 computing

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.4%

JSON

Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors.

Affected configurations

NVD

Node

k7computingk7av_sentry_device_driverRange≤12.8.0.118

CPENameOperatorVersion
k7computing:k7av_sentry_device_driverk7computing k7av sentry device driverle12.8.0.118

CPE	Name	Operator	Version
k7computing:k7av_sentry_device_driver	k7computing k7av sentry device driver	le	12.8.0.118

References

packetstormsecurity.com/files/129472/K7-Computing-Multiple-Products-K7Sentry.sys-Out-Of-Bounds-Write.html

seclists.org/fulldisclosure/2014/Dec/46

www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-8956/

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.4%

JSON

Related for CVE-2014-8956

nvd1 prion1 cvelist1