Gdata : Security Vulnerabilities, CVEs,
Buffer overflow in a certain ActiveX control in ScanObjectBrowser.DLL in G DATA Antivirus 2007 might allow remote attackers to execute arbitrary code via unspecified parameters to the SelectPath function. NOTE: this issue might not cross privilege boundaries in most environments, since it is not marked as safe for scripting.
Max CVSS
7.6
EPSS Score
7.29%
Published
2007-10-13
Updated
2018-10-15
The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 2008, and TotalCare 2008 populates kernel registers with IOCTL 0x8317001c input values, which allows local users to cause a denial of service (system crash) or gain privileges via a crafted IOCTL request, as demonstrated by execution of the KeSetEvent function with modified register contents.
Max CVSS
7.2
EPSS Score
0.04%
Published
2009-01-28
Updated
2017-08-08
Race condition in G DATA TotalCare 2010 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
Max CVSS
6.2
EPSS Score
0.04%
Published
2012-08-25
Updated
2024-04-11
G DATA InternetSecurity 2007 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey and (2) NtOpenProcess kernel SSDT hooks.
Max CVSS
4.6
EPSS Score
0.04%
Published
2007-09-24
Updated
2018-10-15
4 vulnerabilities found