First published: Fri Sep 07 2018(Updated: )
Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Eset Compusec | ||
Eset Deslock\+ Pro | ||
ESET Internet Security | ||
Eset Nod32 Antivirus | ||
ESET Smart Security | ||
ESET Smart Security Premium |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2018-0649.
The vulnerability affects ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones) developed by Canon IT Solutions Inc.
The severity of the vulnerability is critical.
An attacker can exploit this vulnerability by using an untrusted search path in the installers of the affected software, allowing them to gain unauthorized privileges.
You can find more information about this vulnerability at the following references: [http://jvn.jp/en/jp/JVN41452671/index.html](http://jvn.jp/en/jp/JVN41452671/index.html) and [https://eset-support.canon-its.jp/faq/show/10720?site_domain=default](https://eset-support.canon-its.jp/faq/show/10720?site_domain=default).