Vulnerability Details : CVE-2014-7136
Potential exploit
Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2014-7136
- cpe:2.3:a:k7computing:k7firewall_packet_driver:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-7136
- Probability of exploitation activity in the next 30 days: 0.08%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~ 22 %
CVSS scores for CVE-2014-7136
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2014-7136
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-7136
- http://seclists.org/fulldisclosure/2014/Dec/47
  Full Disclosure: CVE-2014-7136 - Privilege Escalation In K7 Computing Multiple Products [K7FWFilt.sys] (Exploit)
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7136/
  CVE-2014-7136 | K7 Computing Multiple Products Privilege Escalation (Exploit)
- http://packetstormsecurity.com/files/129474/K7-Computing-Multiple-Products-K7FWFilt.sys-Privilege-Escalation.html
  K7 Computing Multiple Products K7FWFilt.sys Privilege Escalation ≈ Packet Storm (Exploit)