n.runs AG
http://www.nruns.com/                              security(at)nruns.com
n.runs-SA-2007.016 20-Jul-2007
________________________________________________________________________
Vendor:                ESET, http://eset.com
Affected Products:     ESET NOD32 Antivirus
Vulnerability:         Arbitrary Code Execution (remote)
Risk:                  HIGH
________________________________________________________________________
Vendor communication:
2007/05/07    Initial notification to ESET
2007/05/07    ESET Response
2007/05/07    PoC files sent to ESET
2007/05/10    ESET validates the vulnerability
2007/05/24    ESET made the updates available
________________________________________________________________________
Overview:
Founded in 1992, ESET is a global provider of security software for enterprises and consumers. ESET’s award-winning antivirus software system, NOD32, provides real-time protection from known and unknown viruses, spyware, rootkits and other malware. NOD32 offers the smallest, fastest and most advanced protection available, with more Virus Bulletin 100% Awards than any other antivirus product. ESET was named to Deloitte’s Technology Fast 500 five years running, and has an extensive partner network, including corporations like Canon, Dell and Microsoft. ESET has offices in Bratislava, SK; Bristol, U.K.; Buenos Aires, AR; Prague, CZ; San Diego, USA; and is represented worldwide in more than 100 countries.
The broad product platform protects Windows, Linux, Novell and MS DOS machines.

Description:
A remotely exploitable vulnerability has been found in the file parsing engine.
In detail, the following flaw was determined:
- Heap Corruption through Race Condition in .CAB file parsing

Impact:
This problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in NOD32 Antivirus software versions prior to the update v.2.2289.

Solution:
The vulnerability was reported on May 07, and an update was issued on May 24 to resolve it through the regular update mechanism.
________________________________________________________________________
Credit:
Bugs found by Sergio Alvarez of n.runs AG.
________________________________________________________________________
References:
http://www.eset.com/joomla/index.php?option=com_content&task=view&id=3469&Itemid=26
This Advisory and Upcoming Advisories:
http://www.nruns.com/security_advisory.php
http://www.nruns.com/parsing-engines-advisories.php
________________________________________________________________________
Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise, contact security@nruns.com for permission. Use of the advisory constitutes acceptance for use in an "as is" condition. All warranties are excluded. In no event shall n.runs be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if n.runs has been advised of the possibility of such damages.
Copyright 2007 n.runs AG. All rights reserved. Terms of apply.