| VID |
28180 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The NOD32 AntiVirus program is vulnerable to a local file creation vulnerability. NOD32 is an AntiVirus program for Microsoft Windows and Unix-based operating systems. NOD32 AntiVirus versions prior to 2.51.26 could allow a local attacker to upload files to an arbitrary directory, caused by a vulnerability in the 'Restore to' feature. A local attacker could exploit this vulnerability to write a file to an arbitrary directory on the affected host with elevated privileges and to gain Administrator/SYSTEM privileges on the host.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.securityfocus.com/archive/1/429892/30/0/threaded
http://secunia.com/advisories/19054/
* Platforms Affected:
Eset, NOD32 AntiVirus versions prior to 2.51.26
Microsoft Windows NT 4.0, 2000, 2003, and XP |
| Recommendation |
Upgrade to the latest version of NOD32 (2.51.26 or later), available from the NOD32 Download Web page at http://www.nod32.com/download/download.htm |
| Related URL |
CVE-2006-1649 (CVE) |
| Related URL |
17374 (SecurityFocus) |
| Related URL |
25640 (ISS) |
|
