Vulnerability CVE-2018-0649


Published: 2018-09-07

Description:
Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Type:

CWE-426

(Untrusted Search Path)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
ESET -> Compusec 
ESET -> Deslock+ pro 
ESET -> Internet security 
ESET -> Nod32 antivirus 
ESET -> Smart security 
ESET -> Smart security premium 

 References:
http://jvn.jp/en/jp/JVN41452671/index.html
https://eset-support.canon-its.jp/faq/show/10720?site_domain=default

Copyright 2021, cxsecurity.com

 

Back to Top