Vulnerability Details : CVE-2014-8956
Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2014-8956
Probability of exploitation activity in the next 30 days: 0.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 30 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-8956
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2014-8956
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8956
-
http://packetstormsecurity.com/files/129472/K7-Computing-Multiple-Products-K7Sentry.sys-Out-Of-Bounds-Write.html
K7 Computing Multiple Products K7Sentry.sys Out-Of-Bounds Write ≈ Packet StormExploit
-
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-8956/
CVE-2014-8956 | K7 Computing Privilege EscalationExploit
-
http://seclists.org/fulldisclosure/2014/Dec/46
Full Disclosure: CVE-2014-8956 - Privilege Escalation In K7 Computing Multiple Products [K7Sentry.sys]Exploit
Products affected by CVE-2014-8956
- cpe:2.3:a:k7computing:k7av_sentry_device_driver:*:*:*:*:*:*:*:*