| VID |
28181 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The NOD32 AntiVirus program is vulnerable to multiple file processing vulnerabilities. NOD32 is an AntiVirus program for Microsoft Windows and Unix-based operating systems. The virus signature database versions prior to 1.1743 of NOD32 AntiVirus 2.x are vulnerable to a heap-based buffer overflow vulnerability and a denial of service attack, caused by improper processing of '.doc', '.cab', and '.chm' files. A remote attacker could exploit these vulnerabilities to execute arbitrary code on the affected host or to cause the affected service to crash.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://archives.neohapsis.com/archives/fulldisclosure/2006-12/0357.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-12/0370.html
http://www.frsirt.com/english/advisories/2006/5095
* Platforms Affected:
Eset, NOD32 Antivirus version 2.x prior to 1.1743
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of ESET NOD32's virus signature database (1.1743 or later), available from the ESET Web site at http://eset.com/support/updates.php |
| Related URL |
CVE-2006-6676,CVE-2006-6677 (CVE) |
| Related URL |
21682,21701 (SecurityFocus) |
| Related URL |
31005,31006 (ISS) |
|
