Secunia Advisory: SA25375
Release Date: 2007-05-23
Last Update: 2007-05-24
Critical: Moderately critical
Impact: Privilege escalation
System access
Where: From remote
Solution Status: Vendor Patch
Software: NOD32 for Windows NT/2000/XP/2003 2.x
Description:
Ismael Briones has reported two vulnerabilities in Nod32 Antivirus, which potentially can be exploited by malicious users to gain escalated privileges, or by malicious people to compromise a vulnerable system.
The vulnerabilities are caused due to boundary errors when performing actions on a detected file (e.g. "Rename" or "Delete). These can be exploited to cause stack-based buffer overflows when performing certain actions on a detected file with an overly long, specially crafted path name.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 2.70.37.
Solution:
Update to version 2.70.39.
http://www.eset.com/download/registered_software.php
Bollettino Secunia
Release Date: 2007-05-23
Last Update: 2007-05-24
Critical: Moderately critical
Impact: Privilege escalation
System access
Where: From remote
Solution Status: Vendor Patch
Software: NOD32 for Windows NT/2000/XP/2003 2.x
Description:
Ismael Briones has reported two vulnerabilities in Nod32 Antivirus, which potentially can be exploited by malicious users to gain escalated privileges, or by malicious people to compromise a vulnerable system.
The vulnerabilities are caused due to boundary errors when performing actions on a detected file (e.g. "Rename" or "Delete). These can be exploited to cause stack-based buffer overflows when performing certain actions on a detected file with an overly long, specially crafted path name.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 2.70.37.
Solution:
Update to version 2.70.39.
http://www.eset.com/download/registered_software.php
Bollettino Secunia