ESET Antivirus CAB Scan Evasion

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

An antivirus application installed on the remote host is affected by a
scan evasion vulnerability.

Description :

The ESET antivirus application installed on the remote host is
affected by a scan evasion vulnerability due to the virus definitions
being out of date. In this case, the virus signature database file
version of the installed antivirus product is prior to 4036. An
attacker can exploit this, by embedding malicious code in a specially
crafted CAB file, to evade detection by the scanning engine.

See also :

http://www.nessus.org/u?0af1769f
http://seclists.org/fulldisclosure/2009/Apr/290
http://www.nessus.org/u?c8c832ca

Solution :

Update the ESET virus signature database file to version 4036 or
later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:ND)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 38651 (eset_cab_files_scan_evasion.nasl)

Bugtraq ID: 34764

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now