Product: ESET Windows Products
Affected version: v5.0 – 7.0 (Firewall Module Build 1183 (20140214) and earlier)
Fixed version: v6 – v7 (Firewall Module Build 1212 (20140609))
Reported by: Kyriakos Economou
Versions 5.0 – 7.0 of ESET Smart Security and ESET Endpoint Security products for Windows XP and Server 2003 allow a low privileged user to execute code as SYSTEM by exploiting a vulnerability in the ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver also mentioned as Personal Firewall module Build 1183 (20140214) and prior. This is a ‘trusted value vulnerability’ that can be triggered through a specific IOCTL with a specifically crafted buffer, to force the driver to validate an improper IOCTL.