Untrusted Search Path Vulnerability in ESET Products by Canon IT Solutions
CVE-2018-0649

7.8 HIGH

Summary

An untrusted search path vulnerability exists in the installers of multiple software programs from Canon IT Solutions Inc., such as ESET Smart Security and ESET NOD32 Antivirus. An attacker who places a Trojan horse DLL in a directory that is not properly secured can have it loaded by the installer and, as a result, may gain elevated privileges, potentially compromising the integrity and security of the affected systems. Users of ESET products should ensure that they are using the latest versions and follow best practices to mitigate the risk associated with this type of vulnerability.

Affected Version(s)

The installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones))

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
