CVE-2014-9632

AVG Internet Security <2013.3495-2015.5315 - Privilege Escalation

Title source: llm

Description

The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.

Exploits (1)

exploitdb WORKING POC

by Parvez Anwar · clocalwindows

https://www.exploit-db.com/exploits/35993

View Code ZIP pw:eip

References (5)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/130248/AVG-Internet-Security-2015.0.5315-Privilege-Escalation.html

[Vendor Advisory] http://www.avg.com/eu-en/avg-release-notes

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/35993

[Third Party Advisory] http://www.greyhathacker.net/?p=818

[Broken Link] http://www.osvdb.org/113824

Scores

EPSS 0.0181

EPSS Percentile 82.9%

Details

CWE

CWE-264

Status published

Products (2)

avg/internet_security 2013 - 2013.3495

avg/protection 2015 - 2015.5314

Published Feb 06, 2015

Tracked Since Feb 18, 2026