CVE-2024-7400

Name of the Vulnerable Software and Affected Versions ESET versions prior to the fixed version

Description The issue is related to insufficient access control in ESET's antivirus protection, potentially allowing an attacker to misuse file operations during the removal of a detected file on the Windows operating system to delete files without proper permissions. This can be used to obtain elevated privileges. The vulnerability affects 13 ESET solutions and can be exploited by a low-privileged attacker to delete arbitrary files.

Recommendations As a temporary workaround, consider restricting access to the file operations handling during the removal of detected files until a patch is available. Update to the latest version of ESET to fix the vulnerability. Restrict access to the vulnerable file operations to minimize the risk of exploitation.