CVE-2024-13990

Name of the Vulnerable Software and Affected Versions MicroWorld eScan AV (affected versions not specified)

Description The update mechanism in MicroWorld eScan AV lacked proper cryptographic verification of update packages. This allowed an attacker to perform a man-in-the-middle (MitM) attack and substitute malicious update payloads for legitimate ones. The client accepted these malicious packages, executing components like sideloaded DLLs and Java/installer payloads, which enabled remote code execution. MicroWorld eScan confirmed remediation of the update mechanism on 2023-07-31.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.