PT-2014-7797 · K7 Computing · K7Fwfilt.Sys

Published: 2014-12-12 · Updated: 2014-12-15 · CVE-2014-7136

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: K7FWFilt.sys versions prior to 14.0.1.16

Description: A heap-based buffer overflow issue exists in the K7FWFilt.sys kernel mode driver, which can be exploited by local users to execute arbitrary code with kernel privileges. This is achieved by passing a crafted parameter in a DeviceIoControl API call.

Recommendations: For versions prior to 14.0.1.16, update to version 14.0.1.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the DeviceIoControl API call to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2014-7136

Affected products

K7Fwfilt.Sys