CVE-2020-9264
Summary
| CVE | CVE-2020-9264 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-02-18 15:15:00 UTC |
| Updated | 2021-07-21 11:39:00 UTC |
| Description | ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. |
Risk And Classification
Problem Types: CWE-436
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Eset | Cyber Security | All | All | All | All |
| Application | Eset | Cyber Security | All | All | All | All |
| Application | Eset | Cyber Security | All | All | All | All |
| Application | Eset | Cyber Security | All | All | All | All |
| Application | Eset | Internet Security | All | All | All | All |
| Application | Eset | Internet Security | All | All | All | All |
| Application | Eset | Mobile Security | All | All | All | All |
| Application | Eset | Mobile Security | All | All | All | All |
| Application | Eset | Nod32 Antivirus | All | All | All | All |
| Application | Eset | Nod32 Antivirus | 4 | All | All | All |
| Application | Eset | Nod32 Antivirus | All | All | All | All |
| Application | Eset | Nod32 Antivirus | 4 | All | All | All |
| Application | Eset | Smart Security | All | All | All | All |
| Application | Eset | Smart Security | All | All | All | All |
| Application | Eset | Smart Tv Security | All | All | All | All |
| Application | Eset | Smart Tv Security | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Musings on Information Security and Data Privacy: [TZO-11-2020] - ESET Generic Malformed Archive Bypass (BZ2 Checksum) | MISC | blog.zoller.lu | Third Party Advisory |
| Full Disclosure: Re: [TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information) | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| [CA7387] Modules Review, December 2019 | MISC | support.eset.com | Release Notes |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.