Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eset_software | nod32_antivirus | 1.0.11 |
| eset_software | nod32_antivirus | 1.0.12 |
McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.4.6 |
| broadcom | etrust_ez_armor | 2.3 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_ez_armor | 2.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| sophos | sophos_anti-virus | 3.80 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_anti-virus | 3.82 |
| ca | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.86 |
| archive_zip | archive_zip | 1.13 |
| mandrakesoft | mandrake_linux | 10.1 |
| broadcom | etrust_antivirus | 7.0 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_secure_content_manager | 1.1 |
| gentoo | linux | 1.4 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.78d |
| broadcom | etrust_ez_armor | 2.4 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.83 |
| gentoo | linux | * |
| sophos | sophos_anti-virus | 3.81 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_ez_antivirus | 6.3 |
| sophos | sophos_anti-virus | 3.84 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| broadcom | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_ez_antivirus | 6.2 |
| ca | etrust_antivirus | 7.0_sp2 |
| broadcom | etrust_intrusion_detection | 1.5 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| broadcom | etrust_ez_antivirus | 6.1 |
| suse | suse_linux | 9.2 |
| eset_software | nod32_antivirus | 1.0.12 |
Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.4.6 |
| broadcom | etrust_ez_armor | 2.3 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_ez_armor | 2.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| sophos | sophos_anti-virus | 3.80 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_anti-virus | 3.82 |
| ca | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.86 |
| archive_zip | archive_zip | 1.13 |
| mandrakesoft | mandrake_linux | 10.1 |
| broadcom | etrust_antivirus | 7.0 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_secure_content_manager | 1.1 |
| gentoo | linux | 1.4 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.78d |
| broadcom | etrust_ez_armor | 2.4 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.83 |
| gentoo | linux | * |
| sophos | sophos_anti-virus | 3.81 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_ez_antivirus | 6.3 |
| sophos | sophos_anti-virus | 3.84 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| broadcom | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_ez_antivirus | 6.2 |
| ca | etrust_antivirus | 7.0_sp2 |
| broadcom | etrust_intrusion_detection | 1.5 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| broadcom | etrust_ez_antivirus | 6.1 |
| suse | suse_linux | 9.2 |
| eset_software | nod32_antivirus | 1.0.12 |
Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.4.6 |
| broadcom | etrust_ez_armor | 2.3 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_ez_armor | 2.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| sophos | sophos_anti-virus | 3.80 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_anti-virus | 3.82 |
| ca | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.86 |
| archive_zip | archive_zip | 1.13 |
| mandrakesoft | mandrake_linux | 10.1 |
| broadcom | etrust_antivirus | 7.0 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_secure_content_manager | 1.1 |
| gentoo | linux | 1.4 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.78d |
| broadcom | etrust_ez_armor | 2.4 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.83 |
| gentoo | linux | * |
| sophos | sophos_anti-virus | 3.81 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_ez_antivirus | 6.3 |
| sophos | sophos_anti-virus | 3.84 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| broadcom | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_ez_antivirus | 6.2 |
| ca | etrust_antivirus | 7.0_sp2 |
| broadcom | etrust_intrusion_detection | 1.5 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| broadcom | etrust_ez_antivirus | 6.1 |
| suse | suse_linux | 9.2 |
| eset_software | nod32_antivirus | 1.0.12 |
Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.4.6 |
| broadcom | etrust_ez_armor | 2.3 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_ez_armor | 2.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| sophos | sophos_anti-virus | 3.80 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_anti-virus | 3.82 |
| ca | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.86 |
| archive_zip | archive_zip | 1.13 |
| mandrakesoft | mandrake_linux | 10.1 |
| broadcom | etrust_antivirus | 7.0 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_secure_content_manager | 1.1 |
| gentoo | linux | 1.4 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.78d |
| broadcom | etrust_ez_armor | 2.4 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.83 |
| gentoo | linux | * |
| sophos | sophos_anti-virus | 3.81 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_ez_antivirus | 6.3 |
| sophos | sophos_anti-virus | 3.84 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| broadcom | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_ez_antivirus | 6.2 |
| ca | etrust_antivirus | 7.0_sp2 |
| broadcom | etrust_intrusion_detection | 1.5 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| broadcom | etrust_ez_antivirus | 6.1 |
| suse | suse_linux | 9.2 |
| eset_software | nod32_antivirus | 1.0.12 |
RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.4.6 |
| broadcom | etrust_ez_armor | 2.3 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_ez_armor | 2.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| sophos | sophos_anti-virus | 3.80 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_anti-virus | 3.82 |
| ca | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.86 |
| archive_zip | archive_zip | 1.13 |
| mandrakesoft | mandrake_linux | 10.1 |
| broadcom | etrust_antivirus | 7.0 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_secure_content_manager | 1.1 |
| gentoo | linux | 1.4 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.78d |
| broadcom | etrust_ez_armor | 2.4 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.83 |
| gentoo | linux | * |
| sophos | sophos_anti-virus | 3.81 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_ez_antivirus | 6.3 |
| sophos | sophos_anti-virus | 3.84 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| broadcom | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_ez_antivirus | 6.2 |
| ca | etrust_antivirus | 7.0_sp2 |
| broadcom | etrust_intrusion_detection | 1.5 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| broadcom | etrust_ez_antivirus | 6.1 |
| suse | suse_linux | 9.2 |
| eset_software | nod32_antivirus | 1.0.12 |
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.4.6 |
| broadcom | etrust_ez_armor | 2.3 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_ez_armor | 2.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| sophos | sophos_anti-virus | 3.80 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_anti-virus | 3.82 |
| ca | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.86 |
| archive_zip | archive_zip | 1.13 |
| mandrakesoft | mandrake_linux | 10.1 |
| broadcom | etrust_antivirus | 7.0 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_secure_content_manager | 1.1 |
| gentoo | linux | 1.4 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.78d |
| broadcom | etrust_ez_armor | 2.4 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.83 |
| gentoo | linux | * |
| sophos | sophos_anti-virus | 3.81 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_ez_antivirus | 6.3 |
| sophos | sophos_anti-virus | 3.84 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| broadcom | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_ez_antivirus | 6.2 |
| ca | etrust_antivirus | 7.0_sp2 |
| broadcom | etrust_intrusion_detection | 1.5 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| broadcom | etrust_ez_antivirus | 6.1 |
| suse | suse_linux | 9.2 |
| eset_software | nod32_antivirus | 1.0.12 |
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eset_software | nod32_antivirus | 1.0.11 |
| sophos | sophos_anti-virus | 3.4.6 |
| broadcom | etrust_ez_armor | 2.3 |
| sophos | sophos_anti-virus | 3.85 |
| broadcom | etrust_ez_armor | 2.0 |
| kaspersky_lab | kaspersky_anti-virus | 4.0 |
| rav_antivirus | rav_antivirus_for_file_servers | 1.0 |
| broadcom | etrust_antivirus_gateway | 7.1 |
| broadcom | etrust_intrusion_detection | 1.4.5 |
| sophos | sophos_anti-virus | 3.80 |
| rav_antivirus | rav_antivirus_for_mail_servers | 8.4.2 |
| sophos | sophos_anti-virus | 3.82 |
| ca | etrust_secure_content_manager | 1.0 |
| sophos | sophos_anti-virus | 3.86 |
| mandrakesoft | mandrake_linux | 10.1 |
| broadcom | etrust_antivirus | 7.0 |
| sophos | sophos_small_business_suite | 1.0 |
| broadcom | etrust_secure_content_manager | 1.1 |
| gentoo | linux | 1.4 |
| broadcom | etrust_antivirus_gateway | 7.0 |
| rav_antivirus | rav_antivirus_desktop | 8.6 |
| broadcom | inoculateit | 6.0 |
| broadcom | etrust_antivirus | 7.1 |
| broadcom | etrust_intrusion_detection | 1.4.1.13 |
| sophos | sophos_anti-virus | 3.78d |
| broadcom | etrust_ez_armor | 2.4 |
| kaspersky_lab | kaspersky_anti-virus | 3.0 |
| sophos | sophos_anti-virus | 3.83 |
| gentoo | linux | * |
| sophos | sophos_anti-virus | 3.81 |
| sophos | sophos_puremessage_anti-virus | 4.6 |
| sophos | sophos_anti-virus | 3.79 |
| broadcom | etrust_ez_antivirus | 6.3 |
| sophos | sophos_anti-virus | 3.84 |
| kaspersky_lab | kaspersky_anti-virus | 5.0 |
| broadcom | etrust_secure_content_manager | 1.0 |
| broadcom | etrust_ez_antivirus | 6.2 |
| ca | etrust_antivirus | 7.0_sp2 |
| broadcom | etrust_intrusion_detection | 1.5 |
| mcafee | antivirus_engine | 4.3.20 |
| broadcom | brightstor_arcserve_backup | 11.1 |
| eset_software | nod32_antivirus | 1.0.13 |
| sophos | sophos_anti-virus | 3.78 |
| broadcom | etrust_ez_antivirus | 6.1 |
| suse | suse_linux | 9.2 |
| eset_software | nod32_antivirus | 1.0.12 |
Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build 1127, with active scanning enabled, allows remote attackers to execute arbitrary code via an ARJ archive containing a file with a long filename.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eset_software | nod32_antivirus | 2.5 |
Multiple interpretation error in unspecified versions of NOD32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eset_software | nod32_antivirus | * |
The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the scheduler runs a scheduled on-demand scan, which allows local users to execute arbitrary code during a scheduled scan via unspecified attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eset_software | nod32_antivirus | 2.5 |
The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eset_software | nod32_antivirus | 1.0.11 |
| eset_software | nod32_antivirus | 2.5 |
| eset_software | nod32_antivirus | 1.0.13 |
| eset_software | nod32_antivirus | 1.0.12 |
Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted ASPACK packed file, which triggers an infinite loop.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eset_software | nod32_antivirus | * |
ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service via a crafted (1) ASPACK or (2) FSG packed file, which triggers a divide-by-zero error.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eset_software | nod32_antivirus | * |