Local File Restore Issue in ESET NOD32 Antivirus
CVE-2006-1649

Currently unrated

Key Information:

Vendor: Eset Software
Status: Nod32 Antivirus
Vendor: CVE Published:; 6 April 2006

🔔 Create Eset Software Vulnerability Alert

What is CVE-2006-1649?

The ESET NOD32 Antivirus software, specifically versions before 2.51.26, contains a vulnerability in its 'quarantine a file' feature. When a user selects the 'restore to' option, it allows restoration to any directory with read access for the user, circumventing write-access restrictions. This flaw enables local users to create files in unintended locations, potentially leading to further exploitation.

References

http://www.osvdb.org/24393

vdb-entryx_refsource_OSVDB

http://securitytracker.com/id?1015867

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/17374

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2006
Vulnerability Reserved
Apr 6, 2006

JSON