Posted by Portcullis Advisories on Nov 19

Vulnerability title: Arbitrary Code Execution In Faronics Deep Freeze Standard and Enterprise
CVE: CVE-2014-2382
Vendor: Faronics
Product: Deep Freeze Standard and Enterprise
Affected version: Before and including v8.10
Fixed version: N/A
Reported by: Kyriakos Economou
Details:

The latest, and earlier, versions of Deep Freeze Standard/Enterprise allow a local attacker to execute code with Kernel
privileges, without the need of loading another…