Vendor: ESET Smart Security
By: Alex NTInternals
CVSS: 7.2 (HIGH)
Local Privilege Escalation
CWE: 264
Product Name: ESET Smart Security
Affected Version From: 3.0.672
Affected Version To: 3.0.672.0
Patch Exists: YES
Related CWE: N/A
CPE: a:eset:smart_security
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

ESET Smart Security Local Privilege Escalation Exploit

ESET Smart Security is a security suite for the Windows platform. It includes antivirus, antispyware, anti-spam and a personal firewall. The ESET Personal Firewall driver (epfw.sys) is vulnerable to a local privilege escalation attack. The vulnerability is caused by a lack of proper validation of user-supplied data, which local attackers can exploit to gain elevated privileges.

Mitigation:

Ensure that user-supplied data is properly validated before being used.

Exploit-DB raw data:

////////////////////////////////////////////////////////////////////////////////////
// +----------------------------------------------------------------------------+ //
// |                                                                            | //
// | ESET, LLC. - http://www.eset.com/                                          | //
// |                                                                            | //
// | Affected Software:                                                         | //
// | ESET Smart Security <= 3.0.672                                             | //
// |                                                                            | //
// | Affected Driver:                                                           | //
// | Eset Personal Firewall driver - epfw.sys <= 3.0.672.0                      | //
// |                                                                            | //
// | Local Privilege Escalation Exploit                                         | //
// | For Educational Purposes Only !                                            | //
// |                                                                            | //
// +----------------------------------------------------------------------------+ //
// |                                                                            | //
// | NT Internals - http://www.ntinternals.org/                                 | //
// | alex ntinternals org                                                       | //
// | 18 December 2008                                                           | //
// |                                                                            | //
// | References:                                                                | //
// | Exploiting Common Flaws in Drivers                                         | //
// | Ruben Santamarta - http://reversemode.com/                                 | //
// |                                                                            | //
// +----------------------------------------------------------------------------+ //
////////////////////////////////////////////////////////////////////////////////////
 
Exploit:
http://www.ntinternals.org/ntiadv0807/Epfw_Exp.zip
backup: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/7516.zip (2008-Epfw_Exp.zip)
 
Advisory:
http://www.ntinternals.org/ntiadv0807/ntiadv0807.html

# milw0rm.com [2008-12-18]