Eset Software NOD32 Antivirus Local Arbitrary File Creation Vulnerability

Eset Software NOD32 Antivirus Local Arbitrary File Creation Vulnerability

NOD32 Antivirus is affected by a local arbitrary file-creation vulnerability. This issue is due to the application's failure to properly drop SYSTEM privileges when performing operations on behalf of a local user. Attackers cannot overwrite already-existing files by exploiting this issue.

This issue allows local attackers to create files in arbitrary locations with SYSTEM-level privileges. This may allow then them to execute arbitrary code with elevated privileges, facilitating the compromise of affected computers.

Versions prior to 2.51.26 are affected by this issue.