CVE-2024-13188

Name of the Vulnerable Software and Affected Versions MicroWorld eScan Antivirus version 7.0.32

Description A critical issue affects some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler, leading to incorrect default permissions. The attack must be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For MicroWorld eScan Antivirus version 7.0.32, consider changing the default permissions of the /opt/MicroWorld/var/ directory to prevent exploitation until a patch is available. As a temporary workaround, restrict local access to the Installation Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.