ESET Smart Security 'easdrv.sys' Local Privilege Escalation Vulnerability
BID:30719
Info
ESET Smart Security 'easdrv.sys' Local Privilege Escalation Vulnerability
| Bugtraq ID: | 30719 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-7107 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 16 2008 12:00AM |
| Updated: | Apr 16 2015 05:55PM |
| Credit: | g_ |
| Vulnerable: |
Eset Software Smart Security 3.0.667 .0 |
| Not Vulnerable: | |
Discussion
ESET Smart Security 'easdrv.sys' Local Privilege Escalation Vulnerability
ESET Smart Security is prone to a local privilege-escalation vulnerability that occurs in the 'easdrv.sys' driver.
An attacker can exploit this issue to execute arbitrary code with kernel-level privileges on a Microsoft Windows host operating system. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
ESET Smart Security 3.0.667.0 is vulnerable; other versions may also be affected.
ESET Smart Security is prone to a local privilege-escalation vulnerability that occurs in the 'easdrv.sys' driver.
An attacker can exploit this issue to execute arbitrary code with kernel-level privileges on a Microsoft Windows host operating system. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
ESET Smart Security 3.0.667.0 is vulnerable; other versions may also be affected.
Exploit / POC
ESET Smart Security 'easdrv.sys' Local Privilege Escalation Vulnerability
The following proof of concept is available:
The following proof of concept is available:
Solution / Fix
ESET Smart Security 'easdrv.sys' Local Privilege Escalation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
ESET Smart Security 'easdrv.sys' Local Privilege Escalation Vulnerability
References:
References:
- ESET Smart Security Homepage (ESET)
- ESET Software Homepage (ESET Software)