CVE-2019-9742
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories "inside" the \\.\gdwfpcd device are not properly protected, leading to unintended impersonation or object creation.
gdwfpcd.sys en G Data Total Security, en CVErsiones anteriores al 22/02/2019, permite que un atacante omita las listas de control de acceso debido a que las características interpretadas del dispositivo carecen de FILE_DEVICE_SECURE_OPEN y, por lo tanto, los archivos y directorios "dentro" del dispositivo \\.\gdwfpcd no están correctamente protegidos, lo que conduce a la suplantación no planeada o a la creación de objetos.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-13 CVE Reserved
- 2019-03-13 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-862: Missing Authorization
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Gdata-software Search vendor "Gdata-software" | Total Security Search vendor "Gdata-software" for product "Total Security" | < 2019-02-22 Search vendor "Gdata-software" for product "Total Security" and version " < 2019-02-22" | - |
Affected
|