PT-2009-2576 · Eset · Eset Smart Security

Published

2009-08-28

Updated

2017-09-29

CVE-2008-7107

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ESET Smart Security version 3.0.667.0

Description The issue allows local users to cause a denial of service, resulting in a system crash. This is achieved by sending a crafted IOCTL 0x222003 request to the ".easdrv" device interface, specifically targeting the easdrv.sys component.

Recommendations For ESET Smart Security version 3.0.667.0, consider restricting access to the easdrv.sys component to minimize the risk of exploitation. As a temporary workaround, avoid using the IOCTL 0x222003 request to the ".easdrv" device interface until a patch is available.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-7107

Affected Products

Eset Smart Security

PT-2009-2576 · Eset · Eset Smart Security

CVE-2008-7107

Weakness Enumeration

Related Identifiers

Affected Products

References · 4