{"api_version":"1","generated_at":"2026-04-23T09:52:21+00:00","cve":"CVE-2014-7136","urls":{"html":"https://cve.report/CVE-2014-7136","api":"https://cve.report/api/cve/CVE-2014-7136.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-7136","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-7136"},"summary":{"title":"CVE-2014-7136","description":"Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2014-12-12 15:59:00","updated_at":"2014-12-15 19:50:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"http://packetstormsecurity.com/files/129474/K7-Computing-Multiple-Products-K7FWFilt.sys-Privilege-Escalation.html","name":"http://packetstormsecurity.com/files/129474/K7-Computing-Multiple-Products-K7FWFilt.sys-Privilege-Escalation.html","refsource":"MISC","tags":["Exploit"],"title":"K7 Computing Multiple Products K7FWFilt.sys Privilege Escalation ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2014/Dec/47","name":"20141210 CVE-2014-7136 - Privilege Escalation In K7 Computing Multiple Products [K7FWFilt.sys]","refsource":"FULLDISC","tags":["Exploit"],"title":"Full Disclosure: CVE-2014-7136 - Privilege Escalation In K7 Computing Multiple Products [K7FWFilt.sys]","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7136/","name":"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7136/","refsource":"MISC","tags":["Exploit"],"title":"CVE-2014-7136 | K7 Computing Multiple Products Privilege Escalation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-7136","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7136","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"7136","vulnerable":"1","versionEndIncluding":"14.0.1.15","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"k7computing","cpe5":"k7firewall_packet_driver","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2014-7136","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7136/","refsource":"MISC","url":"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7136/"},{"name":"20141210 CVE-2014-7136 - Privilege Escalation In K7 Computing Multiple Products [K7FWFilt.sys]","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2014/Dec/47"},{"name":"http://packetstormsecurity.com/files/129474/K7-Computing-Multiple-Products-K7FWFilt.sys-Privilege-Escalation.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/129474/K7-Computing-Multiple-Products-K7FWFilt.sys-Privilege-Escalation.html"}]}},"nvd":{"publishedDate":"2014-12-12 15:59:00","lastModifiedDate":"2014-12-15 19:50:00","problem_types":["CWE-119"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:k7computing:k7firewall_packet_driver:*:*:*:*:*:*:*:*","versionEndIncluding":"14.0.1.15","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"7136","Ordinal":"74138","Title":"CVE-2014-7136","CVE":"CVE-2014-7136","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"7136","Ordinal":"1","NoteData":"Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"7136","Ordinal":"2","NoteData":"2014-12-12","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"7136","Ordinal":"3","NoteData":"2014-12-12","Type":"Other","Title":"Modified"}]}}}