ESET Anti-Virus Bypass CAB Scanning

High Nessus Network Monitor Plugin ID 5009

Synopsis

The remote host is Missing a critical security patch or upgrade

Description

The remote client is running the ESET Anti-virus engine.

This version of ESET is vulnerable to a flaw wherein attackers can bypass the scan engine by submitting files within specially formatted 'CAB' archives. An attacker, exploiting this flaw, would be able to pass malicious code through the scan engine.

Solution

Upgrade to ESET update 4036 or higher.

Plugin Details

Severity: High

ID: 5009

Family: Web Clients

Published: 2004/08/18

Modified: 2016/01/22

Dependencies: 5013

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:ND

CVSSv3

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS3#AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:X

Reference Information

BID: 34764