CVE-2019-9742
https://notcve.org/view.php?id=CVE-2019-9742
gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories "inside" the \\.\gdwfpcd device are not properly protected, leading to unintended impersonation or object creation. gdwfpcd.sys en G Data Total Security, en CVErsiones anteriores al 22/02/2019, permite que un atacante omita las listas de control de acceso debido a que las características interpretadas del dispositivo carecen de FILE_DEVICE_SECURE_OPEN y, por lo tanto, los archivos y directorios "dentro" del dispositivo \\.\gdwfpcd no están correctamente protegidos, lo que conduce a la suplantación no planeada o a la creación de objetos. • https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-03-13-gdata-total-security-acl-bypass.md https://nafiez.github.io/security/bypass/2019/03/12/gdata-total-security-acl-bypass.html • CWE-862: Missing Authorization •
CVE-2018-10018 – G DATA Total Security 25.4.0.3 - Activex Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-10018
The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument. El control ActiveX GDASPAMLib.AntiSpam ASK\GDASpam.dll en G DATA Total Security 25.4.0.3 tiene un desbordamiento de búfer mediante un argumento IsBlackListed largo. G DATA TOTAL SECURITY version 25.4.0.3 suffers from an active-x buffer overflow vulnerability. • https://www.exploit-db.com/exploits/45017 http://seclists.org/fulldisclosure/2018/Jul/55 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •