CVE-2014-9632

AVG Internet Security <2013.3495-2015.5315 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9632. PoCs published by Parvez Anwar.

AI-analyzed exploit summary This exploit leverages an arbitrary write vulnerability in AVG Internet Security 2015 (CVE-2014-9632) to overwrite the HAL dispatch table, enabling privilege escalation on Windows XP SP3. It includes shellcode to steal a SYSTEM token and restore overwritten pointers.

Description

The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.

Exploits (1)

exploitdb WORKING POC

by Parvez Anwar · clocalwindows

https://www.exploit-db.com/exploits/35993

View Code ZIP pw:eip

This exploit leverages an arbitrary write vulnerability in AVG Internet Security 2015 (CVE-2014-9632) to overwrite the HAL dispatch table, enabling privilege escalation on Windows XP SP3. It includes shellcode to steal a SYSTEM token and restore overwritten pointers.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: AVG Internet Security 2015 (2015.0.5315) with driver avgtdix.sys (15.0.0.5204)

No auth needed

Prerequisites: Windows XP SP3 32-bit · AVG Internet Security 2015 with vulnerable driver version

MITRE ATT&CK