PT-2015-4314 · Avg · Avgtdix.Sys+2

Published

2015-02-06

Updated

2019-02-01

CVE-2014-9632

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions AVG Internet Security versions prior to 2013.3495 Hot Fix 18 AVG Internet Security versions 2015.x prior to 2015.5315 AVG Protection versions prior to 2015.5315

Description The issue allows local users to gain privileges by writing to arbitrary memory locations via a crafted 0x830020f8 IOCTL call to the TDI driver (avgtdix.sys).

Recommendations For AVG Internet Security versions prior to 2013.3495 Hot Fix 18, update to version 2013.3495 Hot Fix 18 or later. For AVG Internet Security versions 2015.x prior to 2015.5315, update to version 2015.5315 or later. For AVG Protection versions prior to 2015.5315, update to version 2015.5315 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-9632

Affected Products

Avg Internet Security

Avg Protection

Avgtdix.Sys

PT-2015-4314 · Avg · Avgtdix.Sys+2

CVE-2014-9632

Weakness Enumeration

Related Identifiers

Affected Products

References · 7