Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1649

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2006-1649
Last Modified 07 Mar 2011 09:33:29
Published 06 Apr 2006 06:04:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-1649

Summary

The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions.

Vulnerable Systems

Application

  • Eset Software Nod32 Antivirus 1.0.11

  • Eset Software Nod32 Antivirus 1.0.12

  • Eset Software Nod32 Antivirus 1.0.13

  • Eset Software Nod32 Antivirus 2.5


References

BID - 17374

BUGTRAQ - 20060404 NOD32 local privilege escalation vulnerability

XF - nod32-restoreto-file-upload(25640)

VUPEN - ADV-2006-1242

OSVDB - 24393

SECTRACK - 1015867

SECUNIA - 19054

SREASON - 672


Last Updated: 27 May 2016 10:42:09