NOD32 < 2.51.26 Antivirus Local File Overwrite

Severity: High. Nessus Network Monitor Plugin ID 3503

Synopsis

The remote antivirus software can be tricked by local users into replacing system files.

Description

The remote host is running the NOD32 antivirus software. This version is affected by a flaw that allows local users to execute arbitrary code by quarantining a file and then 'restoring' it in such a manner that, when next executed, the file is run with SYSTEM privileges.

Solution

Upgrade to version 2.51.26 or higher.

See Also

http://www.nod32.com

Plugin Details

Severity: High

ID: 3503

Family: Web Clients

Published: 8/18/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.4

Temporal Score: 8.2

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:eset_software:nod32_antivirus

Reference Information

CVE: CVE-2006-1649

BID: 17374