CVE-2014-3752 Information

Description

The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

http://packetstormsecurity.com/files/127227/G-Data-TotalProtection-2014-Code-Execution.html http://seclists.org/fulldisclosure/2014/Jun/125 http://www.securityfocus.com/archive/1/532559/100/0/threaded https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3752/

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

6.7