Race Condition in ESET NOD32 Antivirus Allowing Remote Code Execution
CVE-2007-3970

Currently unrated

Key Information:

Vendor: Eset Software
Status: Nod32 Antivirus
Vendor: CVE Published:; 25 July 2007

🔔 Create Eset Software Vulnerability Alert

What is CVE-2007-3970?

A race condition in ESET NOD32 Antivirus prior to version 2.2289 allows remote attackers to execute arbitrary code. Exploiting this vulnerability requires the targeted user to open a specially crafted CAB file, which can trigger heap corruption and potentially allow the execution of malicious code. This highlights the importance of keeping antivirus products up-to-date to protect against such vulnerabilities.

References

http://www.securityfocus.com/archive/1/474244/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://securityreason.com/securityalert/2922

third-party-advisoryx_refsource_SREASON

http://secunia.com/advisories/26124

third-party-advisoryx_refsource_SECUNIA

EPSS Score

15% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2007
Vulnerability Reserved
Jul 25, 2007

JSON