CVE-2008-5724
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
26/12/2008
Last modified:
09/04/2025
Description
The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory.
Impact
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:eset:smart_security:*:*:*:*:*:*:*:* | 3.0.672 (including) | |
| cpe:2.3:a:eset:smart_security:3.0.551:*:*:*:*:*:*:* | ||
| cpe:2.3:a:eset:smart_security:3.0.560:*:*:*:*:*:*:* | ||
| cpe:2.3:a:eset:smart_security:3.0.563:*:*:*:*:*:*:* | ||
| cpe:2.3:a:eset:smart_security:3.0.621:*:*:*:*:*:*:* | ||
| cpe:2.3:a:eset:smart_security:3.0.642:*:*:*:*:*:*:* | ||
| cpe:2.3:a:eset:smart_security:3.0.650:*:*:*:*:*:*:* | ||
| cpe:2.3:a:eset:smart_security:3.0.657:*:*:*:*:*:*:* | ||
| cpe:2.3:a:eset:smart_security:3.0.667:*:*:*:*:*:*:* | ||
| cpe:2.3:a:eset:smart_security:3.0.669:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/33210
- http://www.eset.com/joomla/index.php?option=com_content&task=view&id=4113&Itemid=5
- http://www.ntinternals.org/ntiadv0807/ntiadv0807.html
- http://www.securityfocus.com/bid/32917
- http://www.vupen.com/english/advisories/2008/3456
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47477
- http://secunia.com/advisories/33210
- http://www.eset.com/joomla/index.php?option=com_content&task=view&id=4113&Itemid=5
- http://www.ntinternals.org/ntiadv0807/ntiadv0807.html
- http://www.securityfocus.com/bid/32917
- http://www.vupen.com/english/advisories/2008/3456
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47477