Untrusted Search Path Vulnerability in ESET Products by Canon IT Solutions
CVE-2018-0649
Summary
An untrusted search path vulnerability exists in the installers of multiple software programs from Canon IT Solutions Inc., such as ESET Smart Security and ESET NOD32 Antivirus. This vulnerability enables an attacker to exploit a Trojan horse DLL placed in a directory that is not properly secured. As a result, the attacker may gain elevated privileges, potentially compromising the integrity and security of the affected systems. Users of ESET products should ensure that they are using the latest versions and implement best practices to mitigate the risk associated with this type of vulnerability.
Affected Version(s)
The installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones))
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved