| VID |
28179 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The NOD32 AntiVirus program is vulnerable to a buffer overflow attack via an ARJ archive. NOD32 is an AntiVirus program for Microsoft Windows and Unix-based operating systems. NOD32 AntiVirus 2.5 with nod32.002 versions prior to 1.034 build 1132 are vulnerable to a heap-based buffer overflow vulnerability when processing ARJ archives with long filenames. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected host.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0149.html
http://secunia.com/advisories/16604/
* Platforms Affected:
Eset, NOD32 AntiVirus 2.5 with nod32.002 versions prior to 1.034 build 1132
Microsoft Windows NT 4.0, 2000, 2003, and XP |
| Recommendation |
Upgrade to the latest version of NOD32 (1.034 build 1132 or later), available from the NOD32 Download Web page at http://www.nod32.com/download/download.htm |
| Related URL |
CVE-2005-2903 (CVE) |
| Related URL |
14773 (SecurityFocus) |
| Related URL |
22203 (ISS) |
|
