// For flags

CVE-2008-4451

ESET SysInspector 1.1.1.0 - 'esiadrv.sys' (PoC)

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain METHOD_NEITHER IOCTL request to \Device\esiasdrv that overwrites a pointer.

El controlador de SysInspector AntiStealth (archivo esiasdrv.sys) versión 3.0.65535.0 en System Analyzer Tool de ESET versión 1.1.1.0, permite a los usuarios locales ejecutar código arbitrario por medio de una determinada petición de METHOD_NEITHER IOCTL en \Device\esiasdrv que sobrescribe un puntero.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-10-06 CVE Reserved
  • 2008-10-06 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Eset Software
Search vendor "Eset Software"
 System Analyzer Tool
Search vendor "Eset Software" for product "System Analyzer Tool"
 1.1.1.0
Search vendor "Eset Software" for product "System Analyzer Tool" and version "1.1.1.0"
-
Affected