CVE-2014-9643

K7 Computing Ultimate Security - Memory Corruption

Title source: llm

Description

K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call.

Exploits (1)

exploitdb WORKING POC

by Parvez Anwar · clocalwindows

https://www.exploit-db.com/exploits/35992

View Code ZIP pw:eip

References (4)

[Exploit] http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.html

[Exploit] http://www.exploit-db.com/exploits/35992

[Exploit] http://www.greyhathacker.net/?p=818

[Third Party Advisory, VDB Entry] http://www.osvdb.org/113007

Scores

EPSS 0.0073

EPSS Percentile 72.8%

Details

CWE

CWE-264

Status published

Products (4)

k7computing/anti-virus_plus < 14.2.0.252

k7computing/k7sentry.sys < 12.8.0.117

k7computing/total_security < 14.2.0.252

k7computing/ultimate_security < 14.2.0.252

Published Feb 06, 2015

Tracked Since Feb 18, 2026