CVE-2014-4974

EUVD-2014-4889
The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
esetpersonal_firewall_ndis_filter
𝑥
≤ 1183_\(20140214\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html
http://seclists.org/fulldisclosure/2014/Oct/118
http://www.securityfocus.com/bid/70770
https://exchange.xforce.ibmcloud.com/vulnerabilities/98312
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/
http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html
http://seclists.org/fulldisclosure/2014/Oct/118
http://www.securityfocus.com/bid/70770
https://exchange.xforce.ibmcloud.com/vulnerabilities/98312
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/