Sign-up

ID

VAR-201412-0060


CVE

CVE-2014-7136


TITLE

plural K7 Computing Used in products K7FWFilt.sys Heap-based buffer overflow vulnerability in kernel mode driver

Trust: 0.8

sources: JVNDB: JVNDB-2014-005989

DESCRIPTION

Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call. K7 Computing K7FWFilt.sys device driver is prone to a local code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. K7FWFilt.sys 11.0.1.5 and prior are vulnerable. Successful exploitation of this bug results in vertical privilege escalation. Technical Details: The function handling IOCTL 0x830020C4 does not validate the size of the output buffer parameter passed in the DeviceIoControl API, which leads to a heap overflow on buffer data initialization. In particular, the function assumes that the output buffer has a size of 0x22C4 bytes. By declaring a smaller buffer we are able to overwrite other data and kernel objects that might follow and potentially control the execution flow via a corrupted kernel object. ba31cb06 8b7d14 mov edi,dword ptr [ebp+14h] <--- EDI == allocated buffer ba31cb09 ff7514 push dword ptr [ebp+14h] ba31cb0c b9b1080000 mov ecx,8B1h <--- assume buffer size 0x8b1 * 4 ba31cb11 33c0 xor eax,eax <--- zero out EAX ba31cb13 f3ab rep stos dword ptr es:[edi] <--- Heap Overflow Further details at: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7136/ Copyright: Copyright (c) Portcullis Computer Security Limited 2014, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited. Disclaimer: The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. ############################################################### This email originates from the systems of Portcullis Computer Security Limited, a Private limited company, registered in England in accordance with the Companies Act under number 02763799. The registered office address of Portcullis Computer Security Limited is: Portcullis House, 2 Century Court, Tolpits Lane, Watford, United Kingdom, WD18 9RS. The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Any opinions expressed are those of the individual and do not represent the opinion of the organisation. Access to this email by persons other than the intended recipient is strictly prohibited. If you are not the intended recipient, any disclosure, copying, distribution or other action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email is subject to the terms and conditions expressed in the applicable Portcullis Computer Security Limited terms of business. ############################################################### ##################################################################################### This e-mail message has been scanned for Viruses and Content and cleared by MailMarshal. #####################################################################################

Trust: 2.07

sources: NVD: CVE-2014-7136 // JVNDB: JVNDB-2014-005989 // BID: 71611 // VULHUB: VHN-75080 // PACKETSTORM: 129474

AFFECTED PRODUCTS

vendor:k7computingmodel:k7firewall packet driverscope:lteversion:14.0.1.15

Trust: 1.0

vendor:k7 computingmodel:k7firewall packet driverscope:ltversion:14.0.1.16

Trust: 0.8

vendor:k7computingmodel:k7firewall packet driverscope:eqversion:14.0.1.15

Trust: 0.6

vendor:k7model:computing pvt ltd k7fwfilt.sysscope:eqversion:11.0

Trust: 0.3

vendor:k7model:computing pvt ltd k7fwfilt.sysscope:eqversion:11.0.1.5

Trust: 0.3

vendor:k7model:computing pvt ltd k7fwfilt.sysscope:neversion:14.0.1.16

Trust: 0.3

sources: BID: 71611 // JVNDB: JVNDB-2014-005989 // CNNVD: CNNVD-201412-320 // NVD: CVE-2014-7136

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-7136
value: HIGH

Trust: 1.0

NVD: CVE-2014-7136
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201412-320
value: HIGH

Trust: 0.6

VULHUB: VHN-75080
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-7136
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75080
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75080 // JVNDB: JVNDB-2014-005989 // CNNVD: CNNVD-201412-320 // NVD: CVE-2014-7136

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-75080 // JVNDB: JVNDB-2014-005989 // NVD: CVE-2014-7136

THREAT TYPE

local

Trust: 0.9

sources: BID: 71611 // CNNVD: CNNVD-201412-320

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201412-320

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-005989

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-75080

PATCH
title:Top Pageurl:http://www.k7computing.com/en/consumer.php
Trust: 0.8
title:setup-eng-tsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52999
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2014-005989 // 
            
            
            
            CNNVD: CNNVD-201412-320

EXTERNAL IDS
db:NVDid:CVE-2014-7136
Trust: 2.9
db:PACKETSTORMid:129474
Trust: 1.8
db:JVNDBid:JVNDB-2014-005989
Trust: 0.8
db:CNNVDid:CNNVD-201412-320
Trust: 0.7
db:BIDid:71611
Trust: 0.4
db:VULHUBid:VHN-75080
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75080 // 
            
            
            
            BID: 71611 // 
            
            
            
            JVNDB: JVNDB-2014-005989 // 
            
            
            
            PACKETSTORM: 129474 // 
            
            
            
            CNNVD: CNNVD-201412-320 // 
            
            
            
            NVD: CVE-2014-7136

REFERENCES
url:https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7136/
Trust: 2.9
url:http://seclists.org/fulldisclosure/2014/dec/47
Trust: 1.7
url:http://packetstormsecurity.com/files/129474/k7-computing-multiple-products-k7fwfilt.sys-privilege-escalation.html
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7136
Trust: 0.8
url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7136
Trust: 0.8
url:http://www.k7computing.com/en/product/k7-antivirusplus.php
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2014-7136
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75080 // 
            
            
            
            BID: 71611 // 
            
            
            
            JVNDB: JVNDB-2014-005989 // 
            
            
            
            PACKETSTORM: 129474 // 
            
            
            
            CNNVD: CNNVD-201412-320 // 
            
            
            
            NVD: CVE-2014-7136

CREDITS
Kyriakos Economou
Trust: 0.4
sources:
            
            
            BID: 71611 // 
            
            
            
            PACKETSTORM: 129474

SOURCES
db:VULHUBid:VHN-75080
db:BIDid:71611
db:JVNDBid:JVNDB-2014-005989
db:PACKETSTORMid:129474
db:CNNVDid:CNNVD-201412-320
db:NVDid:CVE-2014-7136

LAST UPDATE DATE
2025-04-13T23:29:40.393000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-75080date:2014-12-15T00:00:00
db:BIDid:71611date:2014-12-05T00:00:00
db:JVNDBid:JVNDB-2014-005989date:2014-12-16T00:00:00
db:CNNVDid:CNNVD-201412-320date:2014-12-15T00:00:00
db:NVDid:CVE-2014-7136date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-75080date:2014-12-12T00:00:00
db:BIDid:71611date:2014-12-05T00:00:00
db:JVNDBid:JVNDB-2014-005989date:2014-12-16T00:00:00
db:PACKETSTORMid:129474date:2014-12-10T20:32:22
db:CNNVDid:CNNVD-201412-320date:2014-12-15T00:00:00
db:NVDid:CVE-2014-7136date:2014-12-12T15:59:07.073