CVE-2014-9632
First published: Fri Feb 06 2015(Updated: )
The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AVG Protection | >=2015<=2015.5314 | |
| AVG Internet Security | >=2013<2013.3495 | |
| AVG Internet Security | >=2015<2015.5314 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-9632?
CVE-2014-9632 is classified as a privilege escalation vulnerability.
How do I fix CVE-2014-9632?
To fix CVE-2014-9632, update AVG Internet Security to version 2013.3495 Hot Fix 18 or later, and AVG Protection to version 2015.5315 or later.
What systems are affected by CVE-2014-9632?
CVE-2014-9632 affects AVG Internet Security versions prior to 2013.3495 and 2015.x up to 2015.5314, as well as AVG Protection versions prior to 2015.5315.
What type of attack does CVE-2014-9632 enable?
CVE-2014-9632 allows local users to write to arbitrary memory locations, enabling privilege escalation attacks.
Who can exploit CVE-2014-9632?
Local users with access to a vulnerable version of AVG Internet Security or AVG Protection can exploit CVE-2014-9632.
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/avg
- canonical/avg protection
- version/avg protection/2015
- version/avg protection/2015.5314
- canonical/avg internet security
- version/avg internet security/2013
- version/avg internet security/2015