Lucene search
K

ESET Smart Security / NOD32 Antivirus LZH Processing Denial of Service

🗓️ 11 May 2010 00:00:00Reported by RootType 
seebug
 seebug
🔗 www.seebug.org👁 16 Views

Vulnerability in ESET Smart Security/NOD32 Antivirus LZH Processin

Code

                                                Oleksiuk Dmitry has discovered a vulnerability in ESET Smart Security and ESET NOD32 Antivirus, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when processing LZH archives. This can be exploited to hang an affected system when a specially crafted LZH archive is scanned.

The vulnerability is confirmed in ESET Smart Security version 4.2.40.0 and ESET NOD32 Antivirus version 4.2.42.0. Other versions may also be affected.

Solution
Do not scan LZH archives using the application. Restrict local access to trusted users only.

Provided and/or discovered by
Oleksiuk Dmitry

Original Advisory
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0104.html
                              

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation