Privilege Escalation Vulnerability in AVG Internet Security
CVE-2014-9632

Currently unrated

Key Information:

Vendor: Avg
Status: Protection
Vendor: CVE Published:; 6 February 2015

What is CVE-2014-9632?

The TDI driver (avgtdix.sys) in AVG Internet Security versions prior to 2013.3495 Hot Fix 18 and 2015.x versions before 2015.5315 has a serious vulnerability that allows local users to manipulate memory. By sending a specifically crafted IOCTL call (0x830020f8), attackers can write to arbitrary memory locations, potentially enabling them to escalate their privileges and perform unauthorized actions within the system.

References

http://www.greyhathacker.net/?p=818

x_refsource_MISC

http://www.exploit-db.com/exploits/35993

exploitx_refsource_EXPLOIT-DB

http://www.avg.com/eu-en/avg-release-notes

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2015
Vulnerability Reserved
Jan 22, 2015

Avg

What is CVE-2014-9632?

References

Timeline