Vulnerabilities > CVE-2014-8608 - NULL Pointer Dereference Denial of Service vulnerability in K7Computing K7Av Sentry Device Driver 12.8.0.118

CVSS 4.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

local

low complexity

k7computing

NVD

Published: 2014-12-12

Updated: 2016-12-16

Summary

The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer dereference) as demonstrated by a filename containing "crashme$$". <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>

Vulnerable Configurations

Part	Description	Count
Application	K7Computing K7Computing K7Av Sentry Device Driver 12.8.0.118	1

References

http://packetstormsecurity.com/files/129470/K7-Computing-Multiple-Products-Null-Pointer-Dereference.html
http://seclists.org/fulldisclosure/2014/Dec/45
http://www.securityfocus.com/bid/71615
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-8608/