{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-28T00:00:00", "descriptions": [{"lang": "en", "value": "The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/"}, {"name": "20141028 CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Oct/118"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html"}, {"name": "70770", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/70770"}, {"name": "eset-cve20144974-info-disc(98312)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98312"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4974", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/", "refsource": "MISC", "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/"}, {"name": "20141028 CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Oct/118"}, {"name": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html"}, {"name": "70770", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70770"}, {"name": "eset-cve20144974-info-disc(98312)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98312"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:34:36.494Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/"}, {"name": "20141028 CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/Oct/118"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html"}, {"name": "70770", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/70770"}, {"name": "eset-cve20144974-info-disc(98312)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98312"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4974", "datePublished": "2014-11-04T16:00:00", "dateReserved": "2014-07-15T00:00:00", "dateUpdated": "2024-08-06T11:34:36.494Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eset:personal_firewall_ndis_filter:*:*:*:*:*:*:*:*", "matchCriteriaId": "A967F15F-3EFC-46F7-AE31-AF77E44F36BE", "versionEndIncluding": "1183_\\(20140214\\)", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls."}, {"lang": "es", "value": "El controlador del modo de kernel del filtro ESET Personal Firewall NDIS (EpFwNdis.sys), tambi\u00e9n conocido como el m\u00f3dulo Personal Firewall anterior a Build 1212 (20140609), utilizado en m\u00faltiples productos ESET 5.0 hasta 7.0, permite a usuarios locales obtener informaci\u00f3n sensible de la memoria del kernel a trav\u00e9s de llamadas IOCTL manipuladas."}], "id": "CVE-2014-4974", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-04T16:55:06.450", "references": [{"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2014/Oct/118"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/70770"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98312"}, {"source": "cve@mitre.org", "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2014/Oct/118"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/70770"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98312"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}