CVE-2008-7107

ESET Smart Security 3.0.667.0 - Denial of Service via IOCTL Request to easdrv.sys

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7107. PoCs published by g_.

AI-analyzed exploit summary This exploit targets a privilege escalation vulnerability in ESET Smart Security 3.0.667.0 by manipulating the easdrv.sys driver's IOCTL handling to overwrite kernel memory and execute arbitrary code in ring 0.

Description

easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface.

Exploits (1)

exploitdb WORKING POC VERIFIED

by g_ · textdoswindows

https://www.exploit-db.com/exploits/6251

View Code ZIP pw:eip

This exploit targets a privilege escalation vulnerability in ESET Smart Security 3.0.667.0 by manipulating the easdrv.sys driver's IOCTL handling to overwrite kernel memory and execute arbitrary code in ring 0.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: ESET Smart Security 3.0.667.0

No auth needed

Prerequisites: Access to the system with ESET Smart Security 3.0.667.0 installed · Ability to execute arbitrary code on the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6251

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/30719

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/44520

Scores

EPSS 0.0083

EPSS Percentile 53.0%

Details

CWE

CWE-20

Status published

Products (1)

eset/smart_security 3.0.667.0

Published Aug 28, 2009

Tracked Since Feb 18, 2026