ESET SysInspector - 1.1.1.0 (esiadrv.sys) Proof of Concept Exploit

ESET SysInspector is prone to a local privilege escalation vulnerability, which could be exploited by local users in order o execute arbitrary code with kernel privileges. The problem specifically exists within the IOCTL handling code in the esiadrv.sys (3.0.65535.0) device driver. The device driver fails to validate user supplied addresses passed to IOCTLs. All IOCTLs are generated as METHOD_NEITHER. Although this is not serious vulnerability because the device driver is loaded and unloaded dynamically with the GUI application.

**Hidden Content: To see this hidden content your post count must be 10 or greater.**