CVE-2014-4974

The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
esetpersonal_firewall_ndis_filter
𝑥
≤ 1183_\(20140214\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html
http://seclists.org/fulldisclosure/2014/Oct/118
http://www.securityfocus.com/bid/70770
https://exchange.xforce.ibmcloud.com/vulnerabilities/98312
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/
http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html
http://seclists.org/fulldisclosure/2014/Oct/118
http://www.securityfocus.com/bid/70770
https://exchange.xforce.ibmcloud.com/vulnerabilities/98312
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/