Description
The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions.
Affected products
- eset_software / nod32_antivirus1.0.11 – 1.0.11
- eset_software / nod32_antivirus1.0.12 – 1.0.12
- eset_software / nod32_antivirus1.0.13 – 1.0.13
- eset_software / nod32_antivirus2.5 – 2.5
References
- MISChttp://www.osvdb.org/24393
- MISChttp://securitytracker.com/id?1015867
- MISChttp://www.securityfocus.com/bid/17374
- MISChttp://securityreason.com/securityalert/672
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/25640
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/1242
- MISChttp://www.securityfocus.com/archive/1/429892/100/0/threaded
- VENDOR_ADVISORYhttp://secunia.com/advisories/19054