CVE-2007-2852 - Buffer Overflow vulnerability in Eset Software Nod32 Antivirus 2.70.37.0

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name.

Vulnerable Configurations

Part: Application
Description: Eset_Software
Count: 1

Nessus

NASL family: Windows
NASL id: NOD32_2_70_37_0.NASL
description: The version of NOD32 installed on the remote host reportedly contains two stack overflow vulnerabilities that can be triggered when the application tries to delete, disinfect, or rename an infected file in a specially-formatted directory. A remote attacker may be able to leverage these issues to execute code remotely or crash the affected service.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 25293
published: 2007-05-23
reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/25293
title: NOD32 Antivirus Directory Name Handling Multiple Operation Overflows