Vulnerabilities > Eset
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-03-21 | CVE-2012-1423 | Permissions, Privileges, and Access Controls vulnerability in multiple products The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. | 4.3 |
| 2012-03-21 | CVE-2012-1422 | Permissions, Privileges, and Access Controls vulnerability in multiple products The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial ITSF character sequence. | 4.3 |
| 2012-03-21 | CVE-2012-1420 | Permissions, Privileges, and Access Controls vulnerability in multiple products The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. | 4.3 |
| 2009-08-28 | CVE-2008-7107 | Improper Input Validation vulnerability in Eset Smart Security 3.0.667.0 easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface. | 7.2 |
| 2009-02-12 | CVE-2009-0548 | Cross-Site Scripting vulnerability in Eset Remote Administrator Cross-site scripting (XSS) vulnerability in the Additional Report Settings interface in ESET Remote Administrator before 3.0.105 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2008-12-26 | CVE-2008-5724 | Permissions, Privileges, and Access Controls vulnerability in Eset Smart Security The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory. | 7.2 |
| 2008-12-12 | CVE-2008-5534 | Improper Input Validation vulnerability in Eset Nod32 Antivirus 3440/3662 ESET NOD32 Antivirus 3662 and possibly 3440, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
| 2008-12-12 | CVE-2008-5527 | Improper Input Validation vulnerability in Eset Smart Security 3.0 ESET Smart Security, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
| 2008-12-11 | CVE-2008-5425 | Resource Management Errors vulnerability in Eset Nod32 Antivirus 2.70.0039.0000 ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. | 4.3 |