CVE-2014-3752

The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
gdata-softwaretotalprotection
𝑥
≤ 24.0.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/127227/G-Data-TotalProtection-2014-Code-Execution.html
http://seclists.org/fulldisclosure/2014/Jun/125
http://www.securityfocus.com/archive/1/532559/100/0/threaded
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3752/
http://packetstormsecurity.com/files/127227/G-Data-TotalProtection-2014-Code-Execution.html
http://seclists.org/fulldisclosure/2014/Jun/125
http://www.securityfocus.com/archive/1/532559/100/0/threaded
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3752/