{"api_version":"1","generated_at":"2026-04-23T06:07:22+00:00","cve":"CVE-2014-4974","urls":{"html":"https://cve.report/CVE-2014-4974","api":"https://cve.report/api/cve/CVE-2014-4974.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-4974","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-4974"},"summary":{"title":"CVE-2014-4974","description":"The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2014-11-04 16:55:00","updated_at":"2017-08-29 01:35:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/70770","name":"70770","refsource":"BID","tags":[],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/98312","name":"eset-cve20144974-info-disc(98312)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/","name":"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/","refsource":"MISC","tags":[],"title":"cve-2014-4974 - Portcullis","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html","name":"http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html","refsource":"MISC","tags":[],"title":"ESET 7.0 Kernel Memory Leak ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2014/Oct/118","name":"20141028 CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows\tProducts","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-4974","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4974","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"4974","vulnerable":"1","versionEndIncluding":"1183_(20140214)","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"eset","cpe5":"personal_firewall_ndis_filter","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"4974","vulnerable":"1","versionEndIncluding":"1183_\\(20140214\\)","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"eset","cpe5":"personal_firewall_ndis_filter","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2014-4974","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/","refsource":"MISC","url":"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/"},{"name":"20141028 CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2014/Oct/118"},{"name":"http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html"},{"name":"70770","refsource":"BID","url":"http://www.securityfocus.com/bid/70770"},{"name":"eset-cve20144974-info-disc(98312)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/98312"}]}},"nvd":{"publishedDate":"2014-11-04 16:55:00","lastModifiedDate":"2017-08-29 01:35:00","problem_types":["CWE-200"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:eset:personal_firewall_ndis_filter:*:*:*:*:*:*:*:*","versionEndIncluding":"1183_\\(20140214\\)","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"4974","Ordinal":"71947","Title":"CVE-2014-4974","CVE":"CVE-2014-4974","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"4974","Ordinal":"1","NoteData":"The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"4974","Ordinal":"2","NoteData":"2014-11-04","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"4974","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}