Lucene search

MitreCVE-2007-3970

HistoryJul 25, 2007 - 5:30 p.m.

CVE-2007-3970

2007-07-2517:30:00

CWE-362

mitre

web.nvd.nist.gov

cve-2007-3970

eset nod32 antivirus

race condition

remote code execution

heap corruption

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.045

Percentile

92.6%

JSON

Race condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption.

Affected configurations

Nvd

Node

esetnod32_antivirusRange<2.2289

VendorProductVersionCPE
esetnod32_antivirus*cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
eset	nod32_antivirus	*	cpe:2.3:a:eset:nod32_antivirus::::::::

References

osvdb.org/37976

secunia.com/advisories/26124

securityreason.com/securityalert/2922

www.eset.com/joomla/index.php?option=com_content&task=view&id=3469&Itemid=26

www.nruns.com/%5Bn.runs-SA-2007.016%5D%20-%20NOD32%20Antivirus%20CAB%20parsing%20Arbitrary%20Code%20Execution%20Advisory.pdf

www.nruns.com/%5Bn.runs-SA-2007.016%5D%20-%20NOD32%20Antivirus%20CAB%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt

www.securityfocus.com/archive/1/474244/100/0/threaded

www.securityfocus.com/bid/24988

www.vupen.com/english/advisories/2007/2602

exchange.xforce.ibmcloud.com/vulnerabilities/35526

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

0.045

Percentile

92.6%

JSON

Related for CVE-2007-3970