CVE-2014-9642

BullGuard Antivirus <15.0.288 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9642. PoCs published by Parvez Anwar.

AI-analyzed exploit summary This exploit targets a privilege escalation vulnerability in BullGuard's BdAgent.sys driver (CVE-2014-9642) by overwriting the HAL dispatch table to execute arbitrary kernel code. It includes shellcode for token stealing to elevate privileges to SYSTEM on Windows XP SP3.

Description

bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call.

Exploits (1)

exploitdb WORKING POC

by Parvez Anwar · clocalwindows

https://www.exploit-db.com/exploits/35994

View Code ZIP pw:eip

This exploit targets a privilege escalation vulnerability in BullGuard's BdAgent.sys driver (CVE-2014-9642) by overwriting the HAL dispatch table to execute arbitrary kernel code. It includes shellcode for token stealing to elevate privileges to SYSTEM on Windows XP SP3.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: BullGuard 14.1.285.4 with BdAgent.sys driver 1.0.0.6

No auth needed

Prerequisites: Windows XP SP3 32-bit · BullGuard 14.1.285.4 with vulnerable driver

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit x_refsource_misc

http://www.greyhathacker.net/?p=818

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/114478

Vendor Advisory x_refsource_confirm

http://www.bullguard.com/about/release-notes.aspx

Exploit x_refsource_misc

http://packetstormsecurity.com/files/130247/BullGuard-14.1.285.4-Privilege-Escalation.html

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/35994

Scores

EPSS 0.0108

EPSS Percentile 78.3%

Details

CWE

CWE-264

Status published

Products (4)

bullguard/bdagent.sys < 1.0.0.6

bullguard/internet_security < 14.1.287

bullguard/online_backup < 14.1.287

bullguard/premium_protection < 14.1.287

Published Feb 06, 2015

Tracked Since Feb 18, 2026