Vulnerability Details CVE-2014-3752
The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.9%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 7.2
References
- http://packetstormsecurity.com/files/127227/G-Data-TotalProtection-2014-Code-Execution.html
- http://seclists.org/fulldisclosure/2014/Jun/125
- http://www.securityfocus.com/archive/1/532559/100/0/threaded
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3752/
- http://packetstormsecurity.com/files/127227/G-Data-TotalProtection-2014-Code-Execution.html
- http://seclists.org/fulldisclosure/2014/Jun/125
- http://www.securityfocus.com/archive/1/532559/100/0/threaded
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3752/
Products affected by CVE-2014-3752
-
cpe:2.3:a:gdata-software:totalprotection:24.0.2.1