PT-2020-11959 · Eset · Eset Nod32 Antivirus+6
Thierry Zoller
·
Published
2020-03-05
·
Updated
2021-07-21
·
CVE-2020-10180
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ESET Smart Security Premium versions prior to 1294
ESET Internet Security versions prior to 1294
ESET NOD32 Antivirus versions prior to 1294
ESET Cyber Security Pro (macOS) versions prior to 1294
ESET Cyber Security (macOS) versions prior to 1294
ESET Mobile Security for Android versions prior to 1294
ESET Smart TV Security versions prior to 1294
ESET NOD32 Antivirus 4 for Linux Desktop versions prior to 1294
Description
The issue allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This is due to a problem in the ESET AV parsing engine.
Recommendations
For ESET Smart Security Premium versions prior to 1294, update to version 1294 or later.
For ESET Internet Security versions prior to 1294, update to version 1294 or later.
For ESET NOD32 Antivirus versions prior to 1294, update to version 1294 or later.
For ESET Cyber Security Pro (macOS) versions prior to 1294, update to version 1294 or later.
For ESET Cyber Security (macOS) versions prior to 1294, update to version 1294 or later.
For ESET Mobile Security for Android versions prior to 1294, update to version 1294 or later.
For ESET Smart TV Security versions prior to 1294, update to version 1294 or later.
For ESET NOD32 Antivirus 4 for Linux Desktop versions prior to 1294, update to version 1294 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eset Cyber Security
Eset Internet Security
Eset Mobile Security For Android
Eset Nod32 Antivirus
Eset Nod32 Antivirus 4 For Linux Desktop
Eset Smart Security Premium
Eset Smart Security