CVE-2006-0951 - The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the scheduler runs a scheduled on-

CVE-2006-0951

Summary

The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the scheduler runs a scheduled on-demand scan, which allows local users to execute arbitrary code during a scheduled scan via unspecified attack vectors.

References

http://secunia.com/advisories/19054
http://secunia.com/secunia_research/2006-17/advisory/
http://www.osvdb.org/24394
http://www.vupen.com/english/advisories/2006/1242

Vulnerable Configurations

cpe:2.3:a:eset_software:nod32_antivirus:2.5:*:*:*:*:*:*:*
cpe:2.3:a:eset_software:nod32_antivirus:2.5:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 08-03-2011 - 02:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

misc	http://secunia.com/secunia_research/2006-17/advisory/
osvdb	24394
secunia	19054
vupen	ADV-2006-1242

Last major update

08-03-2011 - 02:31

Published

08-04-2006 - 01:04

Last modified

08-03-2011 - 02:31