CVE-2006-1649

Name of the Vulnerable Software and Affected Versions: ESET NOD32 versions prior to 2.51.26

Description: The issue allows local users to create new files despite write-access directory permissions by exploiting the "restore to" selection in the "quarantine a file" capability. This can be triggered when the program does not drop its SYSTEM privileges before allowing a user to use the "Restore to..." feature to restore a quarantined file, potentially leading to a loss of integrity. It enables writing a file to an arbitrary directory with SYSTEM privileges if a file with the given filename does not already exist.

Recommendations: For versions prior to 2.51.26, update to version 2.51.26 or later to resolve the issue. As a temporary workaround, consider restricting the use of the "Restore to..." feature in the "quarantine a file" capability to minimize the risk of exploitation.