Heap-based Buffer Overflow in ESET NOD32 Archive Support Module
CVE-2015-8841

9.8 CRITICAL

Key Information:

Vendor: ESET

Status
Vendor
CVE Published: 12 April 2016

What is CVE-2015-8841?

A heap-based buffer overflow vulnerability exists in the Archive support module of ESET NOD32 prior to update 11861. This flaw can be exploited by remote attackers to execute arbitrary code through a specially crafted SIS_FILE_MULTILANG installation file that contains a large number of languages. The vulnerability arises from improper handling of memory during the extraction of multilingual archives, potentially compromising system integrity and security.

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published
