Vulnerability CVE-2014-9632


Published: 2015-02-06

Description:
The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
AVG Internet Security 2015 Arbitrary Write Privilege Escalation
Parvez Anwar
05.02.2015

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
AVG -> Internet security 
AVG -> Protection 

 References:
http://packetstormsecurity.com/files/130248/AVG-Internet-Security-2015.0.5315-Privilege-Escalation.html
http://www.avg.com/eu-en/avg-release-notes
http://www.exploit-db.com/exploits/35993
http://www.greyhathacker.net/?p=818

Copyright 2024, cxsecurity.com

 

Back to Top