CVE-2014-9643

2015-02-0615:59:11

CWE-264

[email protected]

web.nvd.nist.gov

security

k7 computing

vulnerability

cve-2014-9643

memory

privileges

nvd

antivirus

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.2%

JSON

K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call.

Affected configurations

NVD

Node

k7computingk7sentry.sysRange≤12.8.0.117

AND

k7computinganti-virus_plusRange≤14.2.0.252

k7computingtotal_securityRange≤14.2.0.252

k7computingultimate_securityRange≤14.2.0.252

CPENameOperatorVersion
k7computing:k7sentry.sysk7computing k7sentry.sysle12.8.0.117
k7computing:anti-virus_plusk7computing anti-virus plusle14.2.0.252
k7computing:total_securityk7computing total securityle14.2.0.252
k7computing:ultimate_securityk7computing ultimate securityle14.2.0.252

CPE	Name	Operator	Version
k7computing:k7sentry.sys	k7computing k7sentry.sys	le	12.8.0.117
k7computing:anti-virus_plus	k7computing anti-virus plus	le	14.2.0.252
k7computing:total_security	k7computing total security	le	14.2.0.252
k7computing:ultimate_security	k7computing ultimate security	le	14.2.0.252