cvelistv5 - CVE-2014-4974

CVE-2014-4974 (GCVE-0-2014-4974)

Vulnerability from cvelistv5 – Published: 2014-11-04 16:00 – Updated: 2024-08-06 11:34

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.portcullis-security.com/security-rese…	x_refsource_MISC
	http://seclists.org/fulldisclosure/2014/Oct/118	mailing-listx_refsource_FULLDISC
	http://packetstormsecurity.com/files/128874/ESET-…	x_refsource_MISC
	http://www.securityfocus.com/bid/70770	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:34:36.494Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/"
          },
          {
            "name": "20141028 CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Oct/118"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html"
          },
          {
            "name": "70770",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70770"
          },
          {
            "name": "eset-cve20144974-info-disc(98312)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98312"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/"
        },
        {
          "name": "20141028 CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Oct/118"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html"
        },
        {
          "name": "70770",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70770"
        },
        {
          "name": "eset-cve20144974-info-disc(98312)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98312"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4974",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/",
              "refsource": "MISC",
              "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/"
            },
            {
              "name": "20141028 CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Oct/118"
            },
            {
              "name": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html"
            },
            {
              "name": "70770",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70770"
            },
            {
              "name": "eset-cve20144974-info-disc(98312)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98312"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-4974",
    "datePublished": "2014-11-04T16:00:00",
    "dateReserved": "2014-07-15T00:00:00",
    "dateUpdated": "2024-08-06T11:34:36.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eset:personal_firewall_ndis_filter:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1183_\\\\(20140214\\\\)\", \"matchCriteriaId\": \"A967F15F-3EFC-46F7-AE31-AF77E44F36BE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls.\"}, {\"lang\": \"es\", \"value\": \"El controlador del modo de kernel del filtro ESET Personal Firewall NDIS (EpFwNdis.sys), tambi\\u00e9n conocido como el m\\u00f3dulo Personal Firewall anterior a Build 1212 (20140609), utilizado en m\\u00faltiples productos ESET 5.0 hasta 7.0, permite a usuarios locales obtener informaci\\u00f3n sensible de la memoria del kernel a trav\\u00e9s de llamadas IOCTL manipuladas.\"}]",
      "id": "CVE-2014-4974",
      "lastModified": "2024-11-21T02:11:12.093",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-11-04T16:55:06.450",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Oct/118\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/70770\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/98312\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Oct/118\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/70770\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/98312\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-4974\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-11-04T16:55:06.450\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls.\"},{\"lang\":\"es\",\"value\":\"El controlador del modo de kernel del filtro ESET Personal Firewall NDIS (EpFwNdis.sys), tambi\u00e9n conocido como el m\u00f3dulo Personal Firewall anterior a Build 1212 (20140609), utilizado en m\u00faltiples productos ESET 5.0 hasta 7.0, permite a usuarios locales obtener informaci\u00f3n sensible de la memoria del kernel a trav\u00e9s de llamadas IOCTL manipuladas.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:personal_firewall_ndis_filter:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1183_\\\\(20140214\\\\)\",\"matchCriteriaId\":\"A967F15F-3EFC-46F7-AE31-AF77E44F36BE\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Oct/118\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/70770\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/98312\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Oct/118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/70770\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/98312\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-5JC5-P8X9-F7GF

Vulnerability from github – Published: 2022-05-17 01:22 – Updated: 2025-04-12 12:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-4974"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-11-04T16:55:00Z",
    "severity": "LOW"
  },
  "details": "The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls.",
  "id": "GHSA-5jc5-p8x9-f7gf",
  "modified": "2025-04-12T12:41:30Z",
  "published": "2022-05-17T01:22:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4974"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98312"
    },
    {
      "type": "WEB",
      "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/Oct/118"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/70770"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2014-4974

Vulnerability from fkie_nvd - Published: 2014-11-04 16:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html
	cve@mitre.org	http://seclists.org/fulldisclosure/2014/Oct/118
	cve@mitre.org	http://www.securityfocus.com/bid/70770
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/98312
	cve@mitre.org	https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/
	af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html
	af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2014/Oct/118
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/70770
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/98312
	af854a3a-2127-422b-91ae-364da2661108	https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/

Impacted products

	Vendor	Product	Version
	eset	personal_firewall_ndis_filter	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:eset:personal_firewall_ndis_filter:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A967F15F-3EFC-46F7-AE31-AF77E44F36BE",
              "versionEndIncluding": "1183_\\(20140214\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls."
    },
    {
      "lang": "es",
      "value": "El controlador del modo de kernel del filtro ESET Personal Firewall NDIS (EpFwNdis.sys), tambi\u00e9n conocido como el m\u00f3dulo Personal Firewall anterior a Build 1212 (20140609), utilizado en m\u00faltiples productos ESET 5.0 hasta 7.0, permite a usuarios locales obtener informaci\u00f3n sensible de la memoria del kernel a trav\u00e9s de llamadas IOCTL manipuladas."
    }
  ],
  "id": "CVE-2014-4974",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-04T16:55:06.450",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2014/Oct/118"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/70770"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98312"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Oct/118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/70770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98312"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2014-4974

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-4974

Aliases

CVE-2014-4974

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-4974",
    "description": "The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls.",
    "id": "GSD-2014-4974"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-4974"
      ],
      "details": "The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls.",
      "id": "GSD-2014-4974",
      "modified": "2023-12-13T01:22:45.353755Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-4974",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/",
            "refsource": "MISC",
            "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/"
          },
          {
            "name": "20141028 CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2014/Oct/118"
          },
          {
            "name": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html"
          },
          {
            "name": "70770",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/70770"
          },
          {
            "name": "eset-cve20144974-info-disc(98312)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98312"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:eset:personal_firewall_ndis_filter:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1183_\\(20140214\\)",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4974"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/"
            },
            {
              "name": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html"
            },
            {
              "name": "70770",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/70770"
            },
            {
              "name": "20141028 CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2014/Oct/118"
            },
            {
              "name": "eset-cve20144974-info-disc(98312)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98312"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:35Z",
      "publishedDate": "2014-11-04T16:55Z"
    }
  }
}

VAR-201411-0062

Vulnerability from variot - Updated: 2023-12-18 13:29

The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls. Multiple ESET Products are prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks. Both ESET Smart Security and ESET Endpoint Security are security package solutions from ESET in Slovakia, which include functions such as virus defense and cleaning, anti-spam and firewall; the former is the home version, and the latter is the business version. The vulnerability is caused by improper validation for some IOCTLs.

Further details at:

https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/

Copyright: Copyright (c) Portcullis Computer Security Limited 2014, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited.

Disclaimer: The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

This email originates from the systems of Portcullis Computer Security Limited, a Private limited company, registered in England in accordance with the Companies Act under number 02763799. The registered office address of Portcullis Computer Security Limited is: Portcullis House, 2 Century Court, Tolpits Lane, Watford, United Kingdom, WD18 9RS.
The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Any opinions expressed are those of the individual and do not represent the opinion of the organisation. Access to this email by persons other than the intended recipient is strictly prohibited. If you are not the intended recipient, any disclosure, copying, distribution or other action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email is subject to the terms and conditions expressed in the applicable Portcullis Computer Security Limited terms of business.

This e-mail message has been scanned for Viruses and Content and cleared by MailMarshal.

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201411-0062",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "personal firewall ndis filter",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "eset",
        "version": "1183_\\(20140214\\)"
      },
      {
        "model": "personal firewall ndis filter",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "eset",
        "version": "build 1212 (20140609)"
      },
      {
        "model": "personal firewall ndis filter",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "eset",
        "version": "1183_\\(20140214\\)"
      },
      {
        "model": "smart security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "eset",
        "version": "0"
      },
      {
        "model": "personal firewall module build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "eset",
        "version": "1183(20140214"
      },
      {
        "model": "endpoint security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "eset",
        "version": "0"
      },
      {
        "model": "personal firewall module build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "eset",
        "version": "1212(20140609"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "70770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005235"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4974"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1369"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:eset:personal_firewall_ndis_filter:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1183_\\(20140214\\)",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-4974"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Kyriakos Economou",
    "sources": [
      {
        "db": "BID",
        "id": "70770"
      },
      {
        "db": "PACKETSTORM",
        "id": "128874"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1369"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2014-4974",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-4974",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-72915",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-4974",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201410-1369",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-72915",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72915"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005235"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4974"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1369"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls. Multiple ESET Products are prone to a local information-disclosure vulnerability. \nLocal attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks. Both ESET Smart Security and ESET Endpoint Security are security package solutions from ESET in Slovakia, which include functions such as virus defense and cleaning, anti-spam and firewall; the former is the home version, and the latter is the business version. \nThe vulnerability is caused by improper validation for some IOCTLs. \n\nFurther details at:\n\nhttps://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/\n\nCopyright:\nCopyright (c) Portcullis Computer Security Limited 2014, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited. \n\nDisclaimer:\nThe information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user\u0027s risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. \n\n\n\n###############################################################\nThis email originates from the systems of Portcullis\nComputer Security Limited, a Private limited company, \nregistered in England in accordance with the Companies \nAct under number 02763799. The registered office \naddress of Portcullis Computer Security Limited is: \nPortcullis House, 2 Century Court, Tolpits Lane, Watford, \nUnited Kingdom, WD18 9RS.  \nThe information in this email is confidential and may be \nlegally privileged. It is intended solely for the addressee. \nAny opinions expressed are those of the individual and \ndo not represent the opinion of the organisation. Access \nto this email by persons other than the intended recipient \nis strictly prohibited. \nIf you are not the intended recipient, any disclosure, \ncopying, distribution or other action taken or omitted to be \ntaken in reliance on it, is prohibited and may be unlawful. \nWhen addressed to our clients any opinions or advice \ncontained in this email is subject to the terms and \nconditions expressed in the applicable Portcullis Computer \nSecurity Limited terms of business. \n###############################################################\n\n#####################################################################################\nThis e-mail message has been scanned for Viruses and Content and cleared \nby MailMarshal. \n#####################################################################################\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-4974"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005235"
      },
      {
        "db": "BID",
        "id": "70770"
      },
      {
        "db": "VULHUB",
        "id": "VHN-72915"
      },
      {
        "db": "PACKETSTORM",
        "id": "128874"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-72915",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72915"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-4974",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "70770",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "128874",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005235",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1369",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "98312",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-72915",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72915"
      },
      {
        "db": "BID",
        "id": "70770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005235"
      },
      {
        "db": "PACKETSTORM",
        "id": "128874"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4974"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1369"
      }
    ]
  },
  "id": "VAR-201411-0062",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72915"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:29:39.589000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.eset.com/us/"
      },
      {
        "title": "Windows\u7528\u30d7\u30ed\u30b0\u30e9\u30e0\u306e\u30d1\u30fc\u30bd\u30ca\u30eb\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u6a5f\u80fd\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\uff08JVNDB-2014-005235\uff09\u3078\u306e\u5bfe\u5fdc\u72b6\u6cc1\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://canon-its.jp/supp/eset/notify20141118.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005235"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72915"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005235"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4974"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/70770"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2014/oct/118"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/128874/eset-7.0-kernel-memory-leak.html"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98312"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4974"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4974"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/98312"
      },
      {
        "trust": 0.3,
        "url": "http://www.eset.com/smartsecurity/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4974"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72915"
      },
      {
        "db": "BID",
        "id": "70770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005235"
      },
      {
        "db": "PACKETSTORM",
        "id": "128874"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4974"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1369"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-72915"
      },
      {
        "db": "BID",
        "id": "70770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005235"
      },
      {
        "db": "PACKETSTORM",
        "id": "128874"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4974"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1369"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-11-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-72915"
      },
      {
        "date": "2014-10-22T00:00:00",
        "db": "BID",
        "id": "70770"
      },
      {
        "date": "2014-11-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-005235"
      },
      {
        "date": "2014-10-28T18:13:16",
        "db": "PACKETSTORM",
        "id": "128874"
      },
      {
        "date": "2014-11-04T16:55:06.450000",
        "db": "NVD",
        "id": "CVE-2014-4974"
      },
      {
        "date": "2014-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-1369"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-72915"
      },
      {
        "date": "2014-10-22T00:00:00",
        "db": "BID",
        "id": "70770"
      },
      {
        "date": "2014-12-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-005235"
      },
      {
        "date": "2017-08-29T01:35:10.453000",
        "db": "NVD",
        "id": "CVE-2014-4974"
      },
      {
        "date": "2014-12-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-1369"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "70770"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1369"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  ESET Used in products  ESET Personal Firewall NDIS Vulnerability in the acquisition of important information in the filter kernel mode driver",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005235"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1369"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-4974 (GCVE-0-2014-4974)

GHSA-5JC5-P8X9-F7GF

FKIE_CVE-2014-4974

GSD-2014-4974

VAR-201411-0062

Tags

Sightings

Nomenclature