Local Code Execution Vulnerability in ESET System Analyzer Tool
CVE-2008-4451

Currently unrated

Key Information:

Vendor: Eset Software
Status: System Analyzer Tool
Vendor: CVE Published:; 6 October 2008

🔔 Create Eset Software Vulnerability Alert

What is CVE-2008-4451?

The SysInspector AntiStealth driver (esiasdrv.sys) version 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 has a vulnerability that allows local users to execute arbitrary code. By sending a specially crafted METHOD_NEITHER IOCTL request to the device, an attacker can overwrite a pointer in the driver, leading to unauthorized actions within the system. This flaw poses significant risks, potentially allowing attackers to escalate their privileges and compromise system integrity.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/45619

vdb-entryx_refsource_XF

http://www.ntinternals.org/

x_refsource_MISC

http://securityreason.com/securityalert/4353

third-party-advisoryx_refsource_SREASON

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2008
Vulnerability Reserved
Oct 6, 2008

JSON