Vulnerability Details CVE-2014-4974
The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.2%
CVSS Severity
CVSS v2 Score 2.1
References
- http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html
- http://seclists.org/fulldisclosure/2014/Oct/118
- http://www.securityfocus.com/bid/70770
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98312
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/
- http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html
- http://seclists.org/fulldisclosure/2014/Oct/118
- http://www.securityfocus.com/bid/70770
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98312
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/
Products affected by CVE-2014-4974
-
cpe:2.3:a:eset:personal_firewall_ndis_filter:1183_(20140214)