HTTP: NOD32 AntiVirus ARJ Archive Handling Buffer Overflow

This signature detects attempts to exploit a known vulnerability in NOD32 AntiVirus. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the service.

Extended Description

NOD32 Antivirus is affected by a remote buffer overflow vulnerability when handling ARJ archives. An attacker may exploit this vulnerability to gain unauthorized remote access with SYSTEM privileges. NOD32 for Windows version 2.5 running nod32.002 version 1.033 build 1127 is reportedly affected; however, it is possible that other versions are vulnerable as well.

Affected Products

Eset nod32_antivirus

References

BugTraq: 14925 14773

CVE: CVE-2005-3051

Short Name
HTTP:STC:DL:ARJ-BO
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ARJ AntiVirus Archive Buffer CVE-2005-0350 CVE-2005-2903 CVE-2005-3051 Handling NOD32 Overflow bid:14773 bid:14925
Release Date
09/15/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3714
False Positive
Unknown
Vendors

Eset

CVSS Score

7.5

9.3
