CVE-2014-4973

The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:eset:smart_security:5.0.94:*:*:*:*:*:*:*
cpe:2.3:a:eset:smart_security:5.0.95:*:*:*:*:*:*:*
cpe:2.3:a:eset:smart_security:5.2.9:*:*:*:*:*:*:*
cpe:2.3:a:eset:smart_security:5.2.15:*:*:*:*:*:*:*
cpe:2.3:a:eset:smart_security:6.0.306:*:*:*:*:*:*:*
cpe:2.3:a:eset:smart_security:6.0.308:*:*:*:*:*:*:*
cpe:2.3:a:eset:smart_security:6.0.314:*:*:*:*:*:*:*
cpe:2.3:a:eset:smart_security:6.0.316:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:eset:endpoint_security:5.0.2113:*:*:*:*:*:*:*
cpe:2.3:a:eset:endpoint_security:5.0.2122:*:*:*:*:*:*:*
cpe:2.3:a:eset:endpoint_security:5.0.2126:*:*:*:*:*:*:*
cpe:2.3:a:eset:endpoint_security:5.0.2214:*:*:*:*:*:*:*
cpe:2.3:a:eset:endpoint_security:5.0.2225:*:*:*:*:*:*:*
cpe:2.3:a:eset:endpoint_security:5.0.2228:*:*:*:*:*:*:*

History

21 Nov 2024, 02:11

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2014/Aug/52 - () http://seclists.org/fulldisclosure/2014/Aug/52 -
References () https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4973/ - Exploit () https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4973/ - Exploit

Information

Published : 2014-09-23 15:55

Updated : 2024-11-21 02:11


NVD link : CVE-2014-4973

Mitre link : CVE-2014-4973

CVE.ORG link : CVE-2014-4973


JSON object : View

Products Affected

eset

  • endpoint_security
  • smart_security
CWE
CWE-20

Improper Input Validation