CVE-2019-9742

Published: Mar 13, 2019

Modified: Sep 17, 2024

PUBLISHED

Description

gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories "inside" the \\.\gdwfpcd device are not properly protected, leading to unintended impersonation or object creation.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://nafiez.github.io/security/bypass/2019/03/12/gdata-total-security-acl-bypass.html

x_refsource_MISC

https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-03-13-gdata-total-security-acl-bypass.md

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-9742

Description

Affected Products

References