Vulnerability CVE-2014-9642


Published: 2015-02-06

Description:
bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
BullGuard 14.1.285.4 Privilege Escalation
Parvez Anwar
05.02.2015

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Bullguard -> Bdagent.sys 
Bullguard -> Internet security 
Bullguard -> Online backup 
Bullguard -> Premium protection 

 References:
http://www.osvdb.org/114478
http://www.greyhathacker.net/?p=818
http://www.exploit-db.com/exploits/35994
http://www.bullguard.com/about/release-notes.aspx
http://packetstormsecurity.com/files/130247/BullGuard-14.1.285.4-Privilege-Escalation.html

Copyright 2024, cxsecurity.com

 

Back to Top