Lucene search
K
EsetSmart Security

18 matches found

CVE
CVE
added 2022/02/09 5:14 a.m.431 views

CVE-2021-37852

The CVE-2021-37852 entry describes a local privilege-escalation in ESET products for Windows where an untrusted process impersonates the client of a named pipe. This impersonation (named-pipe client) allows a local attacker to escalate to NT AUTHORITY\SYSTEM. Documents from ZDI and NVD confirm th...

7.8CVSS7.7AI score0.00576EPSS
CVE
CVE
added 2020/03/06 7:26 p.m.112 views

CVE-2020-10193

The CVE-2020-10193 issue affects the ESET Archive Support Module prior to version 1294, enabling a virus-detection bypass via crafted RAR Compression Information in an archive. Impacted products include Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber ...

7.5CVSS7.5AI score0.01355EPSS
CVE
CVE
added 2022/05/10 7:43 p.m.100 views

CVE-2022-27167

CVE-2022-27167 describes a local privilege-escalation in multiple ESET Windows products, allowing an attacker to abuse the Repair/Uninstall paths to delete files. Affected products include ESET NOD32 Antivirus, Internet Security, Smart Security Premium, Endpoint Antivirus/Security, Server/File/Ma...

7.1CVSS7AI score0.00182EPSS
CVE
CVE
added 2021/01/21 2:35 p.m.92 views

CVE-2020-26941

The CVE-2020-26941 issue describes a local, authenticated, low-privilege user able to trigger arbitrary file overwrite (deletion) via a symlink during the installation phase of multiple ESET products, due to insecure installer permissions. Impact is limited to the installation window and requires...

5.5CVSS5.3AI score0.00332EPSS
CVE
CVE
added 2020/03/05 6:44 p.m.87 views

CVE-2020-10180

The CVE-2020-10180 issue concerns the ESET AV parsing engine where a crafted BZ2 Checksum field in an archive bypasses virus detection. Affected products and versions include Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Sec...

9.8CVSS9.1AI score0.01648EPSS
CVE
CVE
added 2024/07/16 8:17 a.m.81 views

CVE-2024-3779

The CVE-2024-3779 entry describes a Denial of Service affecting ESET security products for Windows, with impact on availability (AV:A/H) and local/low-exploitation characteristics per CVSS metrics. It states the issue can render the product inoperable shortly after installation or upgrade under n...

6.1CVSS5.9AI score0.00204EPSS
CVE
CVE
added 2022/05/11 2:8 p.m.80 views

CVE-2021-37851

CVE-2021-37851 is a local privilege escalation in ESET Windows products where an unpatched installer repair flow can be abused to execute code with higher privileges. Affected are ESET NOD32 Antivirus, Internet Security, Smart Security Premium (11.2 prior to 15.1.12.0) and ESET Endpoint Antivirus...

7.8CVSS7.5AI score0.002EPSS
CVE
CVE
added 2024/02/15 7:40 a.m.69 views

CVE-2024-0353

CVE-2024-0353 is a local privilege escalation in ESET products (e.g., ESET Smart Security Premium / Endpoint Antivirus) where the attacker can abuse ESET’s file operations via the ESET Service. The weakness arises from a vulnerability in privilege handling and a symbolic link abuse that allows de...

7.8CVSS7.8AI score0.00551EPSS
CVE
CVE
added 2009/08/28 3:0 p.m.64 views

CVE-2008-7107

CVE-2008-7107 affects ESET Smart Security 3.0.667.0; easdrv.sys can be triggered by a crafted IOCTL 0x222003 to the \.\easdrv interface, enabling local denial of service (crash). The NVD entry reports a base CVSS v2 score of 7.2 (LOCAL, low access complexity, no auth, complete impact on confident...

7.2CVSS6.3AI score0.00833EPSS
CVE
CVE
added 2023/08/14 9:27 a.m.64 views

CVE-2023-3160

CVE-2023-3160 is a local privilege escalation affecting ESET security products on Windows. The flaw allows an attacker to misuse ESET’s file operations during module updates to delete or move files without proper permissions. The specific flaw exists in the ekrn service, enabling privilege escala...

7.8CVSS7.6AI score0.00178EPSS
CVE
CVE
added 2008/12/12 6:13 p.m.63 views

CVE-2008-5527

CVE-2008-5527 describes a malware-detection bypass in HTML documents when viewed with Internet Explorer 6/7, by prepending an MZ header (EXE info) and altering the filename to have no extension, .txt, or .jpg. The vulnerability is demonstrated via CVE-2006-5745 exploits. The connected records ind...

9.3CVSS6.2AI score0.02241EPSS
CVE
CVE
added 2020/02/18 2:56 p.m.59 views

CVE-2020-9264

The CVE refers to a vulnerability in the ESET Archive Support Module present in versions before 1296, which allows a virus-detection bypass via a crafted Compression Information Field in ZIP archives. Affected products include Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Secu...

5.5CVSS5.4AI score0.0121EPSS
CVE
CVE
added 2023/12/21 11:30 a.m.59 views

CVE-2023-5594

CVE-2023-5594 describes improper validation of the server’s certificate chain in the secure traffic scanning feature, causing intermediate certificates signed with MD5 or SHA-1 to be treated as trusted. Multiple sources (NVD, CVE List, CNNVD, PRION/PRION-like entries, and EUVD) tie this to ESET s...

8.6CVSS8.1AI score0.00376EPSS
CVE
CVE
added 2020/04/29 1:15 p.m.55 views

CVE-2020-11446

The CVE-2020-11446 entry concerns ESET Antivirus and Antispyware Module versions 1553–1560. A user with limited rights can create hard links in certain ESET directories and force the product to write through these links to files normally not writable, enabling privilege escalation. The issue is l...

7.8CVSS7.6AI score0.00363EPSS
CVE
CVE
added 2008/12/26 5:8 p.m.53 views

CVE-2008-5724

CVE-2008-5724 affects the Personal Firewall driver (epfw.sys) in ESET Smart Security up to version 3.0.672, and the Personal Firewall component itself up to 3.0.672.0. The flaw allows local users to escalate privileges by sending a crafted IRP through a METHOD_NEITHER IOCTL to \Device\Epfw, which...

7.2CVSS6.5AI score0.00805EPSS
CVE
CVE
added 2014/09/23 3:0 p.m.53 views

CVE-2014-4973

The CVE-2014-4973 issue affects the EpFwNdis.sys driver (ESET Personal Firewall NDIS filter) in ESET Smart Security/Endpoint Security 5.0–7.0 (Firewall Module Build 1183, 20140214) and earlier. The vulnerability is a trusted-value condition exploitable via IOCTL 0x830020CC with a crafted input bu...

6.9CVSS6.6AI score0.01309EPSS
CVE
CVE
added 2018/09/07 2:0 p.m.51 views

CVE-2018-0649

The CVE-2018-0649 issue concerns an untrusted DLL search path in the installers for Canon IT Solutions Inc. software, affecting multiple products (e.g., ESET Smart Security Premium , ESET Internet Security , ESET Smart Security , ESET NOD32 Antivirus , DESlock+ Pro , and CompuSec ). The underlyin...

9.3CVSS7.7AI score0.01134EPSS
CVE
CVE
added 2012/08/25 9:0 p.m.48 views

CVE-2010-5160

The CVE-2010-5160 entry concerns ESET Smart Security 4.2.35.3 on Windows XP . It describes a race condition that allows local users to bypass kernel-mode hook handlers and run code that would otherwise be blocked by a handler, via certain user-space memory changes during hook-handler execution, r...

6.2CVSS6.9AI score0.00366EPSS