Privilege Escalation Vulnerability in ESET Smart Security by ESET
CVE-2008-5724

Currently unrated

Key Information:

Vendor: Eset
Status: Smart Security
Vendor: CVE Published:; 26 December 2008

What is CVE-2008-5724?

The Personal Firewall driver (epfw.sys) in ESET Smart Security version 3.0.672 and earlier is susceptible to a privilege escalation vulnerability. Local users can exploit this weakness through a specially crafted I/O Control (IOCTL) request which leads to memory overwrite. The improperly handled IRP requests allow for the escalation of privileges, potentially enabling unauthorized access to system resources.

References

http://www.eset.com/joomla/index.php?option=com_content&t...

x_refsource_CONFIRM

http://secunia.com/advisories/33210

third-party-advisoryx_refsource_SECUNIA

http://www.ntinternals.org/ntiadv0807/ntiadv0807.html

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2008
Vulnerability Reserved
Dec 26, 2008

JSON

Eset

What is CVE-2008-5724?

References

Timeline