Vulnerabilities > CVE-2007-2852 - Buffer Overflow vulnerability in Eset Software Nod32 Antivirus 2.70.37.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Windows |
| NASL id | NOD32_2_70_37_0.NASL |
| description | The version of NOD32 installed on the remote host reportedly contains two stack overflow vulnerabilities that can be triggered when the application tries to delete, disinfect, or rename an infected file in a specially-formatted directory. A remote attacker may be able to leverage these issues to execute code remotely or crash the affected service. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 25293 |
| published | 2007-05-23 |
| reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/25293 |
| title | NOD32 Antivirus Directory Name Handling Multiple Operation Overflows |
References
- http://osvdb.org/36650
- http://secunia.com/advisories/25375
- http://securityreason.com/securityalert/2733
- http://www.eset.com/support/news.php
- http://www.inkatel.com/wp-content/uploads/2007/05/Advisory.txt
- http://www.securityfocus.com/archive/1/469300/100/0/threaded
- http://www.securityfocus.com/archive/1/469337/100/0/threaded
- http://www.securityfocus.com/archive/1/469468/100/0/threaded
- http://www.securityfocus.com/bid/24098
- http://www.vupen.com/english/advisories/2007/1911
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34454