CVE-2014-4973: Input Validation
First published: Tue Sep 23 2014(Updated: )
The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ESET Smart Security for Windows | =5.0.94 | |
| ESET Smart Security for Windows | =5.0.95 | |
| ESET Smart Security for Windows | =5.2.9 | |
| ESET Smart Security for Windows | =5.2.15 | |
| ESET Smart Security for Windows | =6.0.306 | |
| ESET Smart Security for Windows | =6.0.308 | |
| ESET Smart Security for Windows | =6.0.314 | |
| ESET Smart Security for Windows | =6.0.316 | |
| Seqrite End Point Security | =5.0.2113 | |
| Seqrite End Point Security | =5.0.2122 | |
| Seqrite End Point Security | =5.0.2126 | |
| Seqrite End Point Security | =5.0.2214 | |
| Seqrite End Point Security | =5.0.2225 | |
| Seqrite End Point Security | =5.0.2228 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-4973?
CVE-2014-4973 has a medium severity level due to its potential for local privilege escalation.
How do I fix CVE-2014-4973?
To mitigate CVE-2014-4973, update to the latest version of ESET Smart Security or ESET Endpoint Security that addresses this vulnerability.
What are the affected versions in CVE-2014-4973?
CVE-2014-4973 affects ESET Smart Security versions 5.0 through 7.0 and ESET Endpoint Security versions 5.0.x.
Can CVE-2014-4973 be exploited remotely?
CVE-2014-4973 cannot be exploited remotely as it requires local user access to exploit the vulnerability.
What component of ESET is affected by CVE-2014-4973?
CVE-2014-4973 affects the ESET Personal Firewall NDIS filter driver (EpFwNdis.sys).
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/eset
- canonical/eset smart security for windows
- version/eset smart security for windows/5.0.94
- version/eset smart security for windows/5.0.95
- version/eset smart security for windows/5.2.9
- version/eset smart security for windows/5.2.15
- version/eset smart security for windows/6.0.306
- version/eset smart security for windows/6.0.308
- version/eset smart security for windows/6.0.314
- version/eset smart security for windows/6.0.316
- canonical/seqrite end point security
- version/seqrite end point security/5.0.2113
- version/seqrite end point security/5.0.2122
- version/seqrite end point security/5.0.2126
- version/seqrite end point security/5.0.2214
- version/seqrite end point security/5.0.2225
- version/seqrite end point security/5.0.2228