MidnightBSD

Advisories for eset

CVE-2007-3970 HIGH

Race condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
eset nod32_antivirus *
CVE-2010-5160 MEDIUM

Race condition in ESET Smart Security 4.2.35.3 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-362,

Products Affected

Vendor Product Version
eset smart_security 4.2.35.3
CVE-2012-1420 MEDIUM

The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
pandasecurity panda_antivirus 10.0.2.7
eset nod32_antivirus 5795
fortinet fortinet_antivirus 4.2.254.0
k7computing antivirus 9.77.3565
microsoft security_essentials 2.0
rising-global rising_antivirus 22.83.00.03
cat quick_heal 11.00
authentium command_antivirus 5.2.11.5
f-prot f-prot_antivirus 4.6.2.117
kaspersky kaspersky_anti-virus 7.0.0.125
norman norman_antivirus_&_antispyware 6.06.12
CVE-2012-1422 MEDIUM

The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial ITSF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
eset nod32_antivirus 5795
rising-global rising_antivirus 22.83.00.03
cat quick_heal 11.00
norman norman_antivirus_&_antispyware 6.06.12
CVE-2012-1423 MEDIUM

The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
eset nod32_antivirus 5795
fortinet fortinet_antivirus 4.2.254.0
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
k7computing antivirus 9.77.3565
emsisoft anti-malware 5.1.0.1
rising-global rising_antivirus 22.83.00.03
virusbuster virusbuster 13.6.151.0
authentium command_antivirus 5.2.11.5
f-prot f-prot_antivirus 4.6.2.117
norman norman_antivirus_&_antispyware 6.06.12
pc_tools pc_tools_antivirus 7.0.3.5
CVE-2012-1425 MEDIUM

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \50\4B\03\04 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
trendmicro trend_micro_antivirus 9.120.0.1004
cat quick_heal 11.00
avira antivir 7.11.1.163
kaspersky kaspersky_anti-virus 7.0.0.125
mcafee gateway 2010.1c
norman norman_antivirus_&_antispyware 6.06.12
pc_tools pc_tools_antivirus 7.0.3.5
trendmicro housecall 9.120.0.1004
eset nod32_antivirus 5795
fortinet fortinet_antivirus 4.2.254.0
symantec endpoint_protection 11.0
emsisoft anti-malware 5.1.0.1
jiangmin jiangmin_antivirus 13.0.900
mcafee scan_engine 5.400.0.1158
antiy avl_sdk 2.0.3.7
CVE-2012-1443 MEDIUM

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
k7computing antivirus 9.77.3565
alwil avast_antivirus 5.0.677.0
microsoft security_essentials 2.0
virusbuster virusbuster 13.6.151.0
trendmicro trend_micro_antivirus 9.120.0.1004
ahnlab v3_internet_security 2011.01.18.00
cat quick_heal 11.00
kaspersky kaspersky_anti-virus 7.0.0.125
mcafee gateway 2010.1c
pc_tools pc_tools_antivirus 7.0.3.5
trendmicro housecall 9.120.0.1004
pandasecurity panda_antivirus 10.0.2.7
anti-virus vba32 3.12.14.2
clamav clamav 0.96.4
f-secure f-secure_anti-virus 9.0.16160.0
nprotect nprotect_antivirus 2011-01-17.01
aladdin esafe 7.0.17.0
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
rising-global rising_antivirus 22.83.00.03
authentium command_antivirus 5.2.11.5
f-prot f-prot_antivirus 4.6.2.117
avira antivir 7.11.1.163
alwil avast_antivirus 4.8.1351.0
avg avg_anti-virus 10.0.0.1190
norman norman_antivirus_&_antispyware 6.06.12
eset nod32_antivirus 5795
fortinet fortinet_antivirus 4.2.254.0
symantec endpoint_protection 11.0
emsisoft anti-malware 5.1.0.1
gdata-software g_data_antivirus 21
jiangmin jiangmin_antivirus 13.0.900
comodo comodo_antivirus 7424
sophos sophos_anti-virus 4.61.0
mcafee scan_engine 5.400.0.1158
antiy avl_sdk 2.0.3.7
bitdefender bitdefender 7.2
CVE-2012-1449 MEDIUM

The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a CAB file with a modified vMajor field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
eset nod32_antivirus 5795
rising-global rising_antivirus 22.83.00.03
CVE-2012-1455 MEDIUM

The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a CAB file with a modified vMinor version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
eset nod32_antivirus 5795
rising-global rising_antivirus 22.83.00.03
CVE-2012-1456 MEDIUM

The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
aladdin esafe 7.0.17.0
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
rising-global rising_antivirus 22.83.00.03
trendmicro trend_micro_antivirus 9.120.0.1004
cat quick_heal 11.00
f-prot f-prot_antivirus 4.6.2.117
kaspersky kaspersky_anti-virus 7.0.0.125
mcafee gateway 2010.1c
avg avg_anti-virus 10.0.0.1190
norman norman_antivirus_&_antispyware 6.06.12
trendmicro housecall 9.120.0.1004
pandasecurity panda_antivirus 10.0.2.7
eset nod32_antivirus 5795
fortinet fortinet_antivirus 4.2.254.0
symantec endpoint_protection 11.0
emsisoft anti-malware 5.1.0.1
jiangmin jiangmin_antivirus 13.0.900
comodo comodo_antivirus 7424
sophos sophos_anti-virus 4.61.0
mcafee scan_engine 5.400.0.1158
CVE-2012-1457 MEDIUM

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
k7computing antivirus 9.77.3565
alwil avast_antivirus 5.0.677.0
microsoft security_essentials 2.0
virusbuster virusbuster 13.6.151.0
trendmicro trend_micro_antivirus 9.120.0.1004
cat quick_heal 11.00
kaspersky kaspersky_anti-virus 7.0.0.125
mcafee gateway 2010.1c
pc_tools pc_tools_antivirus 7.0.3.5
trendmicro housecall 9.120.0.1004
anti-virus vba32 3.12.14.2
clamav clamav 0.96.4
aladdin esafe 7.0.17.0
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
rising-global rising_antivirus 22.83.00.03
authentium command_antivirus 5.2.11.5
f-prot f-prot_antivirus 4.6.2.117
avira antivir 7.11.1.163
alwil avast_antivirus 4.8.1351.0
avg avg_anti-virus 10.0.0.1190
norman norman_antivirus_&_antispyware 6.06.12
eset nod32_antivirus 5795
symantec endpoint_protection 11.0
emsisoft anti-malware 5.1.0.1
gdata-software g_data_antivirus 21
jiangmin jiangmin_antivirus 13.0.900
mcafee scan_engine 5.400.0.1158
antiy avl_sdk 2.0.3.7
bitdefender bitdefender 7.2
CVE-2012-1459 MEDIUM

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
k7computing antivirus 9.77.3565
alwil avast_antivirus 5.0.677.0
microsoft security_essentials 2.0
virusbuster virusbuster 13.6.151.0
trendmicro trend_micro_antivirus 9.120.0.1004
ahnlab v3_internet_security 2011.01.18.00
cat quick_heal 11.00
kaspersky kaspersky_anti-virus 7.0.0.125
mcafee gateway 2010.1c
pc_tools pc_tools_antivirus 7.0.3.5
trendmicro housecall 9.120.0.1004
pandasecurity panda_antivirus 10.0.2.7
anti-virus vba32 3.12.14.2
clamav clamav 0.96.4
f-secure f-secure_anti-virus 9.0.16160.0
nprotect nprotect_antivirus 2011-01-17.01
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
rising-global rising_antivirus 22.83.00.03
authentium command_antivirus 5.2.11.5
f-prot f-prot_antivirus 4.6.2.117
avira antivir 7.11.1.163
alwil avast_antivirus 4.8.1351.0
avg avg_anti-virus 10.0.0.1190
norman norman_antivirus_&_antispyware 6.06.12
eset nod32_antivirus 5795
fortinet fortinet_antivirus 4.2.254.0
symantec endpoint_protection 11.0
emsisoft anti-malware 5.1.0.1
gdata-software g_data_antivirus 21
jiangmin jiangmin_antivirus 13.0.900
comodo comodo_antivirus 7424
sophos sophos_anti-virus 4.61.0
mcafee scan_engine 5.400.0.1158
antiy avl_sdk 2.0.3.7
bitdefender bitdefender 7.2
CVE-2012-1461 MEDIUM

The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
k7computing antivirus 9.77.3565
rising-global rising_antivirus 22.83.00.03
trendmicro trend_micro_antivirus 9.120.0.1004
authentium command_antivirus 5.2.11.5
kaspersky kaspersky_anti-virus 7.0.0.125
mcafee gateway 2010.1c
avg avg_anti-virus 10.0.0.1190
norman norman_antivirus_&_antispyware 6.06.12
trendmicro housecall 9.120.0.1004
eset nod32_antivirus 5795
fortinet fortinet_antivirus 4.2.254.0
symantec endpoint_protection 11.0
emsisoft anti-malware 5.1.0.1
anti-virus vba32 3.12.14.2
jiangmin jiangmin_antivirus 13.0.900
sophos sophos_anti-virus 4.61.0
mcafee scan_engine 5.400.0.1158
bitdefender bitdefender 7.2
f-secure f-secure_anti-virus 9.0.16160.0
CVE-2014-4973 MEDIUM

The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
eset smart_security 5.0.95
eset smart_security 6.0.316
eset smart_security 5.0.94
eset smart_security 5.2.15
eset smart_security 6.0.306
eset smart_security 6.0.314
eset endpoint_security 5.0.2126
eset endpoint_security 5.0.2113
eset endpoint_security 5.0.2214
eset endpoint_security 5.0.2225
eset endpoint_security 5.0.2122
eset endpoint_security 5.0.2228
eset smart_security 5.2.9
eset smart_security 6.0.308
CVE-2014-4974 LOW

The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
eset personal_firewall_ndis_filter *
CVE-2015-8841 HIGH

Heap-based buffer overflow in the Archive support module in ESET NOD32 before update 11861 allows remote attackers to execute arbitrary code via a large number of languages in an EPOC installation file of type SIS_FILE_MULTILANG.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
eset nod32 -
CVE-2016-9892 MEDIUM

The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
eset endpoint_security 6.3.70.1
eset endpoint_antivirus 6.3.70.1
CVE-2018-0649 HIGH

Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-426,

Products Affected

Vendor Product Version
eset compusec -
eset smart_security_premium -
eset nod32_antivirus -
eset smart_security -
eset deslock+_pro -
eset internet_security -
CVE-2019-16519 HIGH

ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
eset endpoint_antivirus *
eset endpoint_security *
eset cyber_security *
CVE-2019-17549 MEDIUM

ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eset cyber_security *
CVE-2019-19792 HIGH

A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
eset cyber_security *
CVE-2020-10180 HIGH

The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-436,

Products Affected

Vendor Product Version
eset smart_security *
eset smart_tv_security *
eset mobile_security *
eset cyber_security *
eset nod32_antivirus 4
eset nod32_antivirus *
CVE-2020-10193 MEDIUM

ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-436,

Products Affected

Vendor Product Version
eset smart_security *
eset smart_tv_security *
eset internet_security *
eset mobile_security *
eset cyber_security *
eset mobile_security 1294
eset nod32_antivirus *
CVE-2020-11446 MEDIUM

ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
eset file_security -
eset endpoint_antivirus -
eset endpoint_security -
eset mail_security -
eset antivirus_and_antispyware *
eset nod32_antivirus -
eset smart_security -
eset internet_security -
CVE-2020-26941 LOW

A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-276,

Products Affected

Vendor Product Version
eset smart_security *
eset endpoint_antivirus *
eset internet_security *
eset security *
eset endpoint_security *
eset mail_security *
eset internet_security 1294
eset file_security *
eset nod32_antivirus *
CVE-2020-9264 MEDIUM

ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-436,

Products Affected

Vendor Product Version
eset smart_security *
eset smart_tv_security *
eset internet_security *
eset mobile_security *
eset cyber_security *
eset nod32_antivirus 4
eset nod32_antivirus *
CVE-2021-37850 LOW

ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@eset.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
eset endpoint_antivirus *
eset endpoint_security *
eset cyber_security *
CVE-2021-37851 HIGH

Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0; 6.0 versions prior to 8.1.2050.0; 6.0 versions prior to 8.0.2053.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0; 6.0 versions prior to 8.1.2050.0; 6.0 versions prior to 8.0.2053.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@eset.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-280,CWE-755,

Products Affected

Vendor Product Version
eset smart_security *
eset endpoint_antivirus *
eset server_security *
eset internet_security *
eset security *
eset endpoint_security *
eset mail_security *
eset file_security *
eset nod32_antivirus *
CVE-2021-37852 HIGH

ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@eset.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
eset smart_security *
eset endpoint_antivirus *
eset server_security *
eset internet_security *
eset security *
eset server_security 8.0.12003.1
eset endpoint_security *
eset mail_security *
eset file_security *
eset server_security 8.0.12003.0
eset nod32_antivirus *
CVE-2022-0615 HIGH

Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-service condition on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@eset.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
eset endpoint_antivirus *
eset server_security *
CVE-2022-2402

The vulnerability in the driver dlpfde.sys enables a user logged into the system to perform system calls leading to kernel stack overflow, resulting in a system crash, for instance, a BSOD.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 2.0 4.0
security@eset.com 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 2.0 4.0

Products Affected

Vendor Product Version
eset endpoint_encryption *
eset full_disk_encryption *
CVE-2022-27167 LOW

Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@eset.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-280,CWE-755,

Products Affected

Vendor Product Version
eset smart_security *
eset endpoint_antivirus *
eset server_security *
eset internet_security *
eset security *
eset endpoint_security *
eset mail_security *
eset file_security *
eset nod32_antivirus *
CVE-2023-2847

During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@eset.com 7.8 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.1 6.0

Products Affected

Vendor Product Version
eset endpoint_antivirus *
eset server_security *
eset cyber_security *
CVE-2023-3160

The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security@eset.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
eset nod32 -
eset security -
eset endpoint_antivirus -
eset endpoint_security -
eset mail_security -
eset smart_security -
eset internet_security -
eset server_security -
CVE-2023-5594

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N 3.9 4.0
security@eset.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N 2.2 4.7

Products Affected

Vendor Product Version
eset endpoint_antivirus *
eset file_security -
eset server_security *
eset security -
eset endpoint_antivirus -
eset endpoint_security -
eset mail_security -
eset nod32_antivirus -
eset smart_security -
eset internet_security -
eset server_security -
CVE-2023-7043

Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6
security@eset.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4

Products Affected

Vendor Product Version
eset smart_security_premium *
eset endpoint_antivirus *
eset internet_security *
eset endpoint_security *
eset mail_security 10.1.10012.0
eset nod32_antivirus *
CVE-2024-0353

Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@eset.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
eset smart_security *
eset endpoint_antivirus *
eset server_security *
eset internet_security *
eset security *
eset endpoint_security *
eset mail_security *
eset file_security *
eset nod32_antivirus *
CVE-2024-3779

Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@eset.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2

Products Affected

Vendor Product Version
eset smart_security *
eset nod32 *
eset endpoint_antivirus *
eset server_security *
eset internet_security *
eset security *
eset endpoint_security *
eset mail_security *
eset mail_security -
CVE-2025-13818

Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent

Products Affected

Vendor Product Version
eset management_agent *