Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0649

Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Published

2018-09-07T14:29:01.617

Last Modified

2024-11-21T03:38:39.803

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-426
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application eset compusec - Yes
Application eset deslock\+_pro - Yes
Application eset internet_security - Yes
Application eset nod32_antivirus - Yes
Application eset smart_security - Yes
Application eset smart_security_premium - Yes
References