NOD32 < 2.51.26 Antivirus Local File Overwrite

High Nessus Network Monitor Plugin ID 3503

Synopsis

The remote antivirus software can be tricked by local users into replacing system files.

Description

The remote host is running the NOD32 antivirus software. This version is affected by a flaw that lets local users execute arbitrary code by quarantining a file and then 'restoring' it in such a manner that the file runs with SYSTEM privileges the next time it is executed.

Solution

Upgrade to version 2.51.26 or higher.

See Also

http://www.nod32.com

Plugin Details

Severity: High

ID: 3503

File Name: 3503.prm

Family: Web Clients

Published: 2004/08/18

Modified: 2016/01/22

Dependencies: 1735, 8314

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.2

Temporal Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSSv3

Base Score: 8.4

Temporal Score: 8.2

Vector: CVSS3#AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:U/RC:X

Reference Information

CVE: CVE-2006-1649

BID: 17374