Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5724

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-5724
Last Modified 07 Mar 2011 10:15:05
Published 26 Dec 2008 12:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-5724

Summary

The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory.

Vulnerable Systems

Application

  • Eset Smart Security 3.0.551

  • Eset Smart Security 3.0.560

  • Eset Smart Security 3.0.563

  • Eset Smart Security 3.0.621

  • Eset Smart Security 3.0.642

  • Eset Smart Security 3.0.650

  • Eset Smart Security 3.0.657

  • Eset Smart Security 3.0.667

  • Eset Smart Security 3.0.669

  • Eset Smart Security 3.0.672


References

XF - smart-security-epfw-privilege-escalation(47477)

VUPEN - ADV-2008-3456

BID - 32917

MISC - http://www.ntinternals.org/ntiadv0807/ntiadv0807.html

CONFIRM - http://www.eset.com/joomla/index.php?option=com_content&task=view&id=4113&Itemid=5

SECUNIA - 33210


Last Updated: 27 May 2016 10:48:54