CVE-2014-4973
Summary
| CVE | CVE-2014-4973 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-09-23 15:55:00 UTC |
| Updated | 2014-09-24 14:53:00 UTC |
| Description | The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Eset | Endpoint Security | 5.0.2113 | All | All | All |
| Application | Eset | Endpoint Security | 5.0.2122 | All | All | All |
| Application | Eset | Endpoint Security | 5.0.2126 | All | All | All |
| Application | Eset | Endpoint Security | 5.0.2214 | All | All | All |
| Application | Eset | Endpoint Security | 5.0.2225 | All | All | All |
| Application | Eset | Endpoint Security | 5.0.2228 | All | All | All |
| Application | Eset | Endpoint Security | 5.0.2113 | All | All | All |
| Application | Eset | Endpoint Security | 5.0.2122 | All | All | All |
| Application | Eset | Endpoint Security | 5.0.2126 | All | All | All |
| Application | Eset | Endpoint Security | 5.0.2214 | All | All | All |
| Application | Eset | Endpoint Security | 5.0.2225 | All | All | All |
| Application | Eset | Endpoint Security | 5.0.2228 | All | All | All |
| Application | Eset | Smart Security | 5.0.94 | All | All | All |
| Application | Eset | Smart Security | 5.0.95 | All | All | All |
| Application | Eset | Smart Security | 5.2.15 | All | All | All |
| Application | Eset | Smart Security | 5.2.9 | All | All | All |
| Application | Eset | Smart Security | 6.0.306 | All | All | All |
| Application | Eset | Smart Security | 6.0.308 | All | All | All |
| Application | Eset | Smart Security | 6.0.314 | All | All | All |
| Application | Eset | Smart Security | 6.0.316 | All | All | All |
| Application | Eset | Smart Security | 5.0.94 | All | All | All |
| Application | Eset | Smart Security | 5.0.95 | All | All | All |
| Application | Eset | Smart Security | 5.2.15 | All | All | All |
| Application | Eset | Smart Security | 5.2.9 | All | All | All |
| Application | Eset | Smart Security | 6.0.306 | All | All | All |
| Application | Eset | Smart Security | 6.0.308 | All | All | All |
| Application | Eset | Smart Security | 6.0.314 | All | All | All |
| Application | Eset | Smart Security | 6.0.316 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cve-2014-4973 - Portcullis | MISC | www.portcullis-security.com | Exploit |
| Full Disclosure: CVE-2014-4973 - Privilege Escalation in ESET Windows Products | FULLDISC | seclists.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.