CVE-2014-4973

The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call.

Published: Sep 23, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-4973
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
eset / smart_security	5.0.94	5.0.94.x
eset / smart_security	5.2.9	5.2.9.x
eset / smart_security	6.0.314	6.0.314.x
eset / smart_security	5.2.15	5.2.15.x
eset / smart_security	6.0.316	6.0.316.x
eset / smart_security	6.0.308	6.0.308.x
eset / smart_security	5.0.95	5.0.95.x
eset / smart_security	6.0.306	6.0.306.x
eset / endpoint_security	5.0.2113	5.0.2113.x
eset / endpoint_security	5.0.2126	5.0.2126.x
eset / endpoint_security	5.0.2228	5.0.2228.x
eset / endpoint_security	5.0.2225	5.0.2225.x
eset / endpoint_security	5.0.2214	5.0.2214.x
eset / endpoint_security	5.0.2122	5.0.2122.x

Vulnerability Database

289,697

CVE-2014-4973