CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2008-7107 – ESET Smart Security 3.0.667.0 - Privilege Escalation (PoC)
https://notcve.org/view.php?id=CVE-2008-7107
28 Aug 2009 — easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface. easdrv.sys en ESET Smart Security v3.0.667.0, permite a usuarios locales provocar una denegación de servicio (caída) mediante una petición IOCTL 0x222003 manipulada al interfaz del dispositivo \\.\easdrv. • https://www.exploit-db.com/exploits/6251 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2008-5724 – ESET Smart Security 3.0.672 - 'epfw.sys' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-5724
26 Dec 2008 — The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory. El driver de Personal Firewall (también conocido como epfw.sys) 3.0.672.0 y anteriores en ESET Smart Security 3.0.672 y anteriores permite a usuarios locales obtener privilegios mediante un IRP manipulado en una petición METHOD_NEITHER IOCTL a \Device\E... • https://www.exploit-db.com/exploits/7516 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5527
https://notcve.org/view.php?id=CVE-2008-5527
12 Dec 2008 — ESET Smart Security, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. ESET Smart Security, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un documento HTML colocand... • http://securityreason.com/securityalert/4723 • CWE-20: Improper Input Validation •