Description
The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by NT Internals · textlocalwindows
https://www.exploit-db.com/exploits/7516
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://www.eset.com/joomla/index.php?option=com_content&task=view&id=4113&Itemid=5
Various Sources x_refsource_misc
http://www.ntinternals.org/ntiadv0807/ntiadv0807.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33210
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3456
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32917
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47477
Scores
EPSS
0.0020
EPSS Percentile
42.2%
Details
CWE
CWE-264
Status
published
Products (10)
eset/smart_security
3.0.551
eset/smart_security
3.0.560
eset/smart_security
3.0.563
eset/smart_security
3.0.621
eset/smart_security
3.0.642
eset/smart_security
3.0.650
eset/smart_security
3.0.657
eset/smart_security
3.0.667
eset/smart_security
3.0.669
eset/smart_security
< 3.0.672
Published
Dec 26, 2008
Tracked Since
Feb 18, 2026