Eset Software NOD32 Antivirus Local Arbitrary File Creation Vulnerability
BID:17374
Info
Eset Software NOD32 Antivirus Local Arbitrary File Creation Vulnerability
| Bugtraq ID: | 17374 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 04 2006 12:00AM |
| Updated: | Apr 05 2006 07:08PM |
| Credit: | Discovery is credited to Bipin Gautam <[email protected]>. |
| Vulnerable: |
Eset NOD32 Antivirus 2.5 |
| Not Vulnerable: |
Eset NOD32 Antivirus 2.51.26 |
Discussion
Eset Software NOD32 Antivirus Local Arbitrary File Creation Vulnerability
NOD32 Antivirus is affected by a local arbitrary file-creation vulnerability. This issue is due to the application's failure to properly drop SYSTEM privileges when performing operations on behalf of a local user. Attackers cannot overwrite already-existing files by exploiting this issue.
This issue allows local attackers to create files in arbitrary locations with SYSTEM-level privileges. This may allow then them to execute arbitrary code with elevated privileges, facilitating the compromise of affected computers.
Versions prior to 2.51.26 are affected by this issue.
NOD32 Antivirus is affected by a local arbitrary file-creation vulnerability. This issue is due to the application's failure to properly drop SYSTEM privileges when performing operations on behalf of a local user. Attackers cannot overwrite already-existing files by exploiting this issue.
This issue allows local attackers to create files in arbitrary locations with SYSTEM-level privileges. This may allow then them to execute arbitrary code with elevated privileges, facilitating the compromise of affected computers.
Versions prior to 2.51.26 are affected by this issue.
Exploit / POC
Eset Software NOD32 Antivirus Local Arbitrary File Creation Vulnerability
An attacker uses standard, built-in functionality to exploit this issue.
An attacker uses standard, built-in functionality to exploit this issue.
Solution / Fix
Eset Software NOD32 Antivirus Local Arbitrary File Creation Vulnerability
Solution:
Reportedly, NOD32 version 2.51.26 is not vulnerable to this issue. Users are advised to upgrade through the application's online update feature. Symantec has not confirmed this.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Solution:
Reportedly, NOD32 version 2.51.26 is not vulnerable to this issue. Users are advised to upgrade through the application's online update feature. Symantec has not confirmed this.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
References
Eset Software NOD32 Antivirus Local Arbitrary File Creation Vulnerability
References:
References: