Privilege escalation : K7 Anti-Virus Plus Privilege Escalation Vulnerability (Feb 2015)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.805455

Categoría: Privilege escalation

Título: K7 Anti-Virus Plus Privilege Escalation Vulnerability (Feb 2015) - Windows

Resumen: K7 Anti-Virus Plus is prone to a privilege escalation vulnerability.

Descripción: Summary:
K7 Anti-Virus Plus is prone to a privilege escalation vulnerability.

Vulnerability Insight:
The flaw is due to a write-what-where flaw
in K7Sentry.sys in K7 Computing products that is triggered when handling
certain IOCTL calls.

Vulnerability Impact:
Successful exploitation will allow a local
attacker to write controlled data to any memory location and execute code with
kernel-level privileges.

Affected Software/OS:
K7 Anti-Virus Plus before 14.2.0.253
on Windows.

Solution:
Upgrade to K7 Anti-Virus Plus version
14.2.0.253 or later.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-9643
http://www.exploit-db.com/exploits/35992
http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.html
http://www.greyhathacker.net/?p=818
http://www.osvdb.org/113007

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.805455
Categoría:	Privilege escalation
Título:	K7 Anti-Virus Plus Privilege Escalation Vulnerability (Feb 2015) - Windows
Resumen:	K7 Anti-Virus Plus is prone to a privilege escalation vulnerability.
Descripción:	Summary: K7 Anti-Virus Plus is prone to a privilege escalation vulnerability. Vulnerability Insight: The flaw is due to a write-what-where flaw in K7Sentry.sys in K7 Computing products that is triggered when handling certain IOCTL calls. Vulnerability Impact: Successful exploitation will allow a local attacker to write controlled data to any memory location and execute code with kernel-level privileges. Affected Software/OS: K7 Anti-Virus Plus before 14.2.0.253 on Windows. Solution: Upgrade to K7 Anti-Virus Plus version 14.2.0.253 or later. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9643 http://www.exploit-db.com/exploits/35992 http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.html http://www.greyhathacker.net/?p=818 http://www.osvdb.org/113007
Copyright	Copyright (C) 2015 Greenbone AG