Untrusted Search Path Vulnerability in ESET Products by Canon IT Solutions
CVE-2018-0649

7.8HIGH

Key Information:

Vendor: Canon It Solutions Inc.
Status: The Installers Of Multiple Canon It Solutions Inc. Software Programs
Vendor: CVE Published:; 7 September 2018

Summary

An untrusted search path vulnerability exists in the installers of multiple software programs from Canon IT Solutions Inc., such as ESET Smart Security and ESET NOD32 Antivirus. This vulnerability enables an attacker to exploit a Trojan horse DLL placed in a directory that is not properly secured. As a result, the attacker may gain elevated privileges, potentially compromising the integrity and security of the affected systems. Users of ESET products should ensure that they are using the latest versions and implement best practices to mitigate the risk associated with this type of vulnerability.

Affected Version(s)

The installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones))

References

http://jvn.jp/en/jp/JVN41452671/index.html

third-party-advisoryx_refsource_JVN

https://eset-support.canon-its.jp/faq/show/10720?site_dom...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 7, 2018
Vulnerability Reserved
Nov 27, 2017