K7 Total Security Privilege Escalation Vulnerability Feb15 (Windows) Network Vulnerability

Summary

The host is installed with K7 Total Security and is prone to privilege escalation vulnerability.

Impact

Successful exploitation will allow a local attacker to write controlled data to any memory location and execute code with kernel-level privileges. Impact Level: System

Solution

Upgrade to K7 Total Security version 14.2.0.253 or later, For updates refer to http://www.k7computing.co.uk/

Insight

The flaw is due to a write-what-where flaw in K7Sentry.sys in K7 Computing products that is triggered when handling certain IOCTL calls.

Affected

K7 Total Security before 14.2.0.253 on Windows.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/113007
http://packetstormsecurity.com/files/130246/
http://www.exploit-db.com/exploits/35992/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-9643

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Windows)
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)

Take action and discover your vulnerabilities