CVE-2014-0816

Norman Security Suite < 10.1 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-0816. PoCs published by tandasat.

AI-analyzed exploit summary This is a functional privilege escalation exploit for CVE-2014-0816, targeting Norman Security Suite's ngs.sys/ngs64.sys driver. It leverages an arbitrary memory write vulnerability to overwrite HalDispatchTable[1] with shellcode, escalating privileges to SYSTEM.

Description

Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors.

Exploits (1)

nomisec WORKING POC 25 stars

by tandasat · poc

https://github.com/tandasat/CVE-2014-0816

View Code ZIP pw:eip

This is a functional privilege escalation exploit for CVE-2014-0816, targeting Norman Security Suite's ngs.sys/ngs64.sys driver. It leverages an arbitrary memory write vulnerability to overwrite HalDispatchTable[1] with shellcode, escalating privileges to SYSTEM.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Norman Security Suite 10.1 (ngs.sys/ngs64.sys version 5.0.740.0)

No auth needed

Prerequisites: Norman Security Suite 10.1 installed · Windows XP to 10 (x86/x64) with SMEP disabled on Windows 8+

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory third-party-advisory x_refsource_jvndb

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000026

Third Party Advisory x_refsource_confirm

http://jvn.jp/en/jp/JVN02017463/995510/index.html

Third Party Advisory third-party-advisory x_refsource_jvn

http://jvn.jp/en/jp/JVN02017463/index.html

Scores

EPSS 0.0080

EPSS Percentile 52.0%

Details

CWE

CWE-264

Status published

Products (3)

norman/security_suite 8.0

norman/security_suite 10.0

norman/security_suite < 10.1

Published Feb 27, 2014

Tracked Since Feb 18, 2026