Eset Software NOD32 Antivirus Local Arbitrary File Creation Vulnerability


NOD32 Antivirus is affected by a local arbitrary file-creation vulnerability. This issue is due to the application's failure to properly drop SYSTEM privileges when performing operations on behalf of a local user. Attackers cannot overwrite already-existing files by exploiting this issue.

This issue allows local attackers to create files in arbitrary locations with SYSTEM-level privileges. This may allow then them to execute arbitrary code with elevated privileges, facilitating the compromise of affected computers.

Versions prior to 2.51.26 are affected by this issue.


 

Privacy Statement
Copyright 2010, SecurityFocus