Stack-Based Buffer Overflow Vulnerability in MicroWord eScan Antivirus on Linux
CVE-2025-1364

4.8MEDIUM

Key Information:

Vendor: Microword
Status: Escan Antivirus
Vendor: CVE Published:; 16 February 2025

Badges

👾 Exploit Exists

What is CVE-2025-1364?

A stack-based buffer overflow vulnerability exists in the USB Protection Service of MicroWord eScan Antivirus version 7.0.32 for Linux. This flaw enables an attacker to manipulate the 'passPrompt' function, resulting in the execution of arbitrary code on the local host. The vulnerability has been publicly disclosed and poses significant risk to users, especially if no software mitigation is applied. Despite early warnings, the vendor has not provided any response or solution to this critical issue.

Affected Version(s)

eScan Antivirus 7.0.32

References

https://vuldb.com/?id.295969

vdb-entrytechnical-description

https://vuldb.com/?ctiid.295969

signaturepermissions-required

https://vuldb.com/?submit.496481

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 16, 2025
👾
Exploit known to exist
Feb 16, 2025
Vulnerability published
Feb 16, 2025
Vulnerability Reserved
Feb 16, 2025

Credit

FPT IS Security (VulDB User)

Microword