CVE-2023-7043 – Unquoted path privilege vulnerability in ESET products for Windows
https://notcve.org/view.php?id=CVE-2023-7043
Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions. La ruta de servicio sin comillas en los productos ESET permite colocar un programa preparado en una ubicación específica y ejecutarlo al arrancar con los permisos NT AUTHORITY\NetworkService. • https://support.eset.com/en/ca8602 • CWE-428: Unquoted Search Path or Element •
CVE-2020-10193
https://notcve.org/view.php?id=CVE-2020-10193
ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. ESET Archive Support Module versiones anteriores a 1294, permite una omisión de detección de virus por medio de una Información de Compresión RAR en un archivo. Esto afecta a las versiones anteriores a 1294 de Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security para Android, Smart TV Security, y NOD32 Antivirus 4 para Linux Desktop. • https://blog.zoller.lu/p/from-low-hanging-fruit-department_13.html • CWE-436: Interpretation Conflict •
CVE-2020-10180
https://notcve.org/view.php?id=CVE-2020-10180
The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. El motor de análisis de ESET AV, permite omitir la detección de virus por medio de un campo BZ2 Checksum diseñado en un archivo. Esto afecta a las versiones anteriores a 1294 de Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security y NOD32 Antivirus 4 para Linux Desktop. • https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html • CWE-436: Interpretation Conflict •
CVE-2020-9264
https://notcve.org/view.php?id=CVE-2020-9264
ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. ESET Archive Support Module versiones anteriores a 1296, permite omitir la detección de virus por medio de un Compression Information Field diseñado en un archivo ZIP. Esto afecta a las versiones anteriores a 1294 de Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security para Android, Smart TV Security y NOD32 Antivirus 4 para Linux Desktop. • http://seclists.org/fulldisclosure/2020/Feb/21 https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html https://support.eset.com/en/ca7387-modules-review-december-2019 • CWE-436: Interpretation Conflict •