K7 Ultimate Security Privilege Escalation Vulnerabilities Feb15 (Windows) Network Vulnerability

Summary

The host is installed with K7 Ultimate Security and is prone to privilege escalation vulnerability.

Impact

Successful exploitation will allow a local attacker to write controlled data to any memory location and execute code with kernel-level privileges. Impact Level: System

Solution

Upgrade to K7 Ultimate Security version 14.2.0.253 or later, For updates refer to http://www.k7computing.co.uk

Insight

The flaw is due to a write-what-where flaw in K7Sentry.sys in K7 Computing products that is triggered when handling certain IOCTL calls.

Affected

K7 Ultimate Security before 14.2.0.253 on Windows.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/113007
http://packetstormsecurity.com/files/130246
http://www.exploit-db.com/exploits/35992

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-9643

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)
Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Windows)

Take action and discover your vulnerabilities