CVE-2014-8956

Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-8956/	Exploit
http://packetstormsecurity.com/files/129472/K7-Computing-Multiple-Products-K7Sentry.sys-Out-Of-Bounds-Write.html	Exploit
http://seclists.org/fulldisclosure/2014/Dec/46	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:k7computing:k7av_sentry_device_driver:*:*:*:*:*:*:*:*

Information

Published : 2014-12-12 07:59

Updated : 2014-12-15 19:32

NVD link : CVE-2014-8956

Mitre link : CVE-2014-8956

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

k7computing

k7av_sentry_device_driver

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-8956/", "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-8956/", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://packetstormsecurity.com/files/129472/K7-Computing-Multiple-Products-K7Sentry.sys-Out-Of-Bounds-Write.html", "name": "http://packetstormsecurity.com/files/129472/K7-Computing-Multiple-Products-K7Sentry.sys-Out-Of-Bounds-Write.html", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2014/Dec/46", "name": "20141210 CVE-2014-8956 - Privilege Escalation In K7 Computing Multiple Products [K7Sentry.sys]", "tags": ["Exploit"], "refsource": "FULLDISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-8956", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-12-12T15:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:k7computing:k7av_sentry_device_driver:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "12.8.0.118"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-12-16T03:32Z"}

7.2 /10