Lucene search

[email protected]CVE-2007-3970

HistoryJul 25, 2007 - 5:30 p.m.

CVE-2007-3970

2007-07-2517:30:00

CWE-362

[email protected]

web.nvd.nist.gov

cve-2007-3970

eset nod32 antivirus

race condition

remote code execution

heap corruption

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.4%

JSON

Race condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption.

Affected configurations

NVD

Node

esetnod32_antivirusRange<2.2289

CPENameOperatorVersion
eset:nod32_antiviruseset nod32 antiviruslt2.2289

CPE	Name	Operator	Version
eset:nod32_antivirus	eset nod32 antivirus	lt	2.2289

References

osvdb.org/37976

secunia.com/advisories/26124

securityreason.com/securityalert/2922

www.eset.com/joomla/index.php?option=com_content&task=view&id=3469&Itemid=26

www.nruns.com/%5Bn.runs-SA-2007.016%5D%20-%20NOD32%20Antivirus%20CAB%20parsing%20Arbitrary%20Code%20Execution%20Advisory.pdf

www.nruns.com/%5Bn.runs-SA-2007.016%5D%20-%20NOD32%20Antivirus%20CAB%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt

www.securityfocus.com/archive/1/474244/100/0/threaded

www.securityfocus.com/bid/24988

www.vupen.com/english/advisories/2007/2602

exchange.xforce.ibmcloud.com/vulnerabilities/35526

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.4%

JSON

Related for CVE-2007-3970

prion1 cvelist1 nvd1 kaspersky1 nessus1