ID CVE-2007-2852
Summary Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name.
References
Vulnerable Configurations
  • cpe:2.3:a:eset_software:nod32_antivirus:2.70.37.0:*:*:*:*:*:*:*
    cpe:2.3:a:eset_software:nod32_antivirus:2.70.37.0:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 16-10-2018 - 16:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 24098
bugtraq
  • 20070521 NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities
  • 20070523 Re: NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities
  • 20070524 Re: NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities
confirm http://www.eset.com/support/news.php
misc http://www.inkatel.com/wp-content/uploads/2007/05/Advisory.txt
osvdb 36650
secunia 25375
sreason 2733
vupen ADV-2007-1911
xf nod32-directoryname-bo(34454)
Last major update 16-10-2018 - 16:45
Published 24-05-2007 - 19:30
Last modified 16-10-2018 - 16:45
Back to Top