ESET NOD32 Antivirus CAB File Parsing Engine Integer Overflow Vulnerability
BID:21701
Info
ESET NOD32 Antivirus CAB File Parsing Engine Integer Overflow Vulnerability
| Bugtraq ID: | 21701 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 21 2006 12:00AM |
| Updated: | Dec 21 2006 12:00AM |
| Credit: | Sergio Alvarez is credited with the discovery of this issue. |
| Vulnerable: |
Eset NOD32 Antivirus 0 |
| Not Vulnerable: |
Eset NOD32 Antivirus 1.1743 |
Discussion
ESET NOD32 Antivirus CAB File Parsing Engine Integer Overflow Vulnerability
ESET NOD32 Antivirus is prone to an integer-overflow vulnerability because the application fails to ensure that integer values are not overrun.
An attacker can exploit this issue to execute arbitrary code with administrative privileges, facilitating the complete compromise of the affected application. Failed exploit attempts will result in a denial of service.
Versions prior to 1.1743 are vulnerable to this issue.
ESET NOD32 Antivirus is prone to an integer-overflow vulnerability because the application fails to ensure that integer values are not overrun.
An attacker can exploit this issue to execute arbitrary code with administrative privileges, facilitating the complete compromise of the affected application. Failed exploit attempts will result in a denial of service.
Versions prior to 1.1743 are vulnerable to this issue.
Exploit / POC
ESET NOD32 Antivirus CAB File Parsing Engine Integer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution / Fix
ESET NOD32 Antivirus CAB File Parsing Engine Integer Overflow Vulnerability
Solution:
The vendor has released patches to address this issue. The vendor states that the application's automatic update feature should install the patches.
Solution:
The vendor has released patches to address this issue. The vendor states that the application's automatic update feature should install the patches.
References
ESET NOD32 Antivirus CAB File Parsing Engine Integer Overflow Vulnerability
References:
References:
- ESET Homepage (ESET)