Oleksiuk Dmitry has discovered a vulnerability in ESET Smart Security and ESET NOD32 Antivirus, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when processing LZH archives. This can be exploited to hang an affected system when a specially crafted LZH archive is scanned.
The vulnerability is confirmed in ESET Smart Security version 4.2.40.0 and ESET NOD32 Antivirus version 4.2.42.0. Other versions may also be affected.
Solution
Do not scan LZH archives using the application. Restrict local access to trusted users only.
Provided and/or discovered by
Oleksiuk Dmitry
Original Advisory
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0104.html
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation