Stack-based Buffer Overflow in MicroWord eScan Antivirus on Linux
CVE-2025-1366

4.8MEDIUM

Key Information:

Vendor

Microword

Status
Escan Antivirus
Vendor
CVE Published:
17 February 2025

Badges

👾 Exploit Exists

What is CVE-2025-1366?

A vulnerability in MicroWord's eScan Antivirus 7.0.32 for Linux was identified in the strcpy function within the VirusPopUp component. This issue can lead to a stack-based buffer overflow, which could be exploited locally by an attacker. The exploit has been made public, and potential threats are increased due to the vendor's lack of response upon notification about the issue. Immediate attention and mitigation strategies are advised for users of the affected product.

Affected Version(s)

eScan Antivirus 7.0.32

References

https://vuldb.com/?id.295970
vdb-entrytechnical-description
https://vuldb.com/?ctiid.295970
signaturepermissions-required
https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb...
exploit

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

.