Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-7107

CWE-20Improper Input Validation4 documents4 sources
Severity
7.2HIGH
EPSS
0.3%
top 46.69%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Eset Smart Security
Timeline
PublishedAug 28
Latest updateMay 17

Description

easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDeset/smart_security3.0.667.0

🔴Vulnerability Details

2
GHSA
GHSA-52pp-8j6x-c8q2: easdrv2022-05-17
CVEList
CVE-2008-7107: easdrv2009-08-28

💥Exploits & PoCs

1
Exploit-DB
ESET Smart Security 3.0.667.0 - Privilege Escalation (PoC)2008-08-16
CVE-2008-7107 (HIGH CVSS 7.2) | easdrv.sys in ESET Smart Security 3 | cvebase.io