Denial of Service and Arbitrary Code Execution in Faronics Deep Freeze
CVE-2014-2382

Currently unrated

Key Information:

Vendor: Faronics
Status: Deep Freeze
Vendor: CVE Published:; 20 November 2014

What is CVE-2014-2382?

The vulnerable DfDiskLo.sys driver within Faronics Deep Freeze versions 8.10 and earlier contains a flaw that allows local administrators to exploit this vulnerability. By crafting a malicious IOCTL request, an attacker can potentially crash the system and execute arbitrary code by manipulating memory locations, thereby compromising system integrity and availability.

References

http://packetstormsecurity.com/files/129172/Faronics-Deep...

x_refsource_MISC

https://www.portcullis-security.com/security-research-and...

x_refsource_MISC

http://seclists.org/fulldisclosure/2014/Nov/52

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2014
Vulnerability Reserved
Mar 13, 2014