MidnightBSD

Advisories for drweb

CVE-2010-5159 MEDIUM

Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362

Products Affected

Vendor Product Version
drweb web_security_space 6.0.0.03100

CVE-2012-1447 MEDIUM

The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264

Products Affected

Vendor Product Version
aladdin esafe 7.0.17.0
pandasecurity panda_antivirus 10.0.2.7
fortinet fortinet_antivirus 4.2.254.0
drweb dr.web_antivirus 5.0.2.03300

CVE-2012-1453 MEDIUM

The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264

Products Affected

Vendor Product Version
kaspersky kaspersky_anti-virus 7.0.0.125
sophos sophos_anti-virus 4.61.0
mcafee gateway 2010.1c
trendmicro trend_micro_antivirus 9.120.0.1004
trendmicro housecall 9.120.0.1004
microsoft security_essentials 2.0
rising-global rising_antivirus 22.83.00.03
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
pandasecurity panda_antivirus 10.0.2.7
emsisoft anti-malware 5.1.0.1
ca etrust_vet_antivirus 36.1.8511
fortinet fortinet_antivirus 4.2.254.0
antiy avl_sdk 2.0.3.7
drweb dr.web_antivirus 5.0.2.03300

CVE-2012-1454 MEDIUM

The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264

Products Affected

Vendor Product Version
aladdin esafe 7.0.17.0
pandasecurity panda_antivirus 10.0.2.7
mcafee gateway 2010.1c
rising-global rising_antivirus 22.83.00.03
fortinet fortinet_antivirus 4.2.254.0
drweb dr.web_antivirus 5.0.2.03300

CVE-2020-23967 HIGH

Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-347

Products Affected

Vendor Product Version
drweb security_space 11.0
drweb security_space 12.0

CVE-2021-28130 MEDIUM

Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427

Products Affected

Vendor Product Version
drweb security_space 12.5.2.4160