CVE-2014-8608 – Null Pointer Dereference In K7 Computing Multiple Products

Vulnerability title: Null Pointer Dereference In K7 Computing Multiple Products [K7Sentry.sys]
CVE: CVE-2014-8608
Vendor: K7 Computing
Product: Multiple Products [K7Sentry.sys]
Affected version: 12.8.0.104
Fixed version: 12.8.0.119
Reported by: Kyriakos Economou
Details:

Latest and possibly earlier versions of K7Sentry.sys kernel mode driver, also named as the ‘K7AV Sentry Device Driver’, allows any local user to crash the system by creating a file that contains the string “crashme$$” in its name. Once the file is created, any attempt to access it will result in a null pointer dereference leading to a system crash through a BSoD.

b9d087ce ff156059dab9 call dword ptr [K7Sentry+0xa9960 (b9da5960)] ds:0023:b9da5960={nt!wcsstr (80537ff5)} – search for “crashme$$” in the filename
b9d087d4 83c408 add esp,8
b9d087d7 85c0 test eax,eax
b9d087d9 7406 je K7Sentry+0xc7e1 (b9d087e1)
b9d087db 893500000000 mov dword ptr ds:[0],esi – if found write esi to [0] leading to system crash

Further details at:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-8608/

Share