CVE-2014-3752

low-risk

Published 2018-02-01

The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call.

Do I need to act?

0.09% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Totalprotection

Affected Vendors

Gdata-Software

References (8)

Third Party Advisory http://packetstormsecurity.com/files/127227/G-Data-TotalProtection-2014-Code-Exe...

Mailing List http://seclists.org/fulldisclosure/2014/Jun/125

http://www.securityfocus.com/archive/1/532559/100/0/threaded

Third Party Advisory https://www.portcullis-security.com/security-research-and-downloads/security-adv...

Third Party Advisory http://packetstormsecurity.com/files/127227/G-Data-TotalProtection-2014-Code-Exe...

Mailing List http://seclists.org/fulldisclosure/2014/Jun/125

http://www.securityfocus.com/archive/1/532559/100/0/threaded

Third Party Advisory https://www.portcullis-security.com/security-research-and-downloads/security-adv...

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal