阿里云漏洞库

漏洞描述

Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://support.eset.com/en/ca8268

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	eset	endpoint_antivirus	*	From (including) 6.0	Up to (excluding) 8.0.2053.0
	运行在以下环境
	应用	eset	endpoint_antivirus	*	From (including) 8.1	Up to (excluding) 8.1.2050.0
	运行在以下环境
	应用	eset	endpoint_antivirus	*	From (including) 9.0	Up to (excluding) 9.0.2046.0
	运行在以下环境
	应用	eset	endpoint_security	*	From (including) 6.0	Up to (excluding) 8.0.2053.0
	运行在以下环境
	应用	eset	endpoint_security	*	From (including) 8.1	Up to (excluding) 8.1.2050.0
	运行在以下环境
	应用	eset	endpoint_security	*	From (including) 9.0	Up to (excluding) 9.0.2046.0
	运行在以下环境
	应用	eset	file_security	*	From (including) 6.0	Up to (excluding) 8.0.12013.0
	运行在以下环境
	应用	eset	internet_security	*	From (including) 11.2	Up to (excluding) 15.1.12.0
	运行在以下环境
	应用	eset	mail_security	*	From (including) 6.0	Up to (excluding) 8.0.10020.0
	运行在以下环境
	应用	eset	mail_security	*	From (including) 6.0	Up to (excluding) 8.0.14011.0
	运行在以下环境
	应用	eset	nod32_antivirus	*	From (including) 11.2	Up to (excluding) 15.1.12.0
	运行在以下环境
	应用	eset	security	*	From (including) 6.0	Up to (excluding) 8.0.15009.0
	运行在以下环境
	应用	eset	server_security	*	From (including) 6.0
	运行在以下环境
	应用	eset	server_security	*	From (including) 8.0	Up to (excluding) 9.0.12012.0
	运行在以下环境
	应用	eset	smart_security	*	From (including) 11.2	Up to (excluding) 15.1.12.0

攻击路径

本地
攻击复杂度

低
权限要求

低
影响范围

未更改
用户交互

无
可用性

高
保密性

无
完整性

高

CWE-ID	漏洞类型
CWE-755	对异常条件的处理不恰当

eset smart_security 对异常条件的处理不恰当

漏洞描述

解决建议

参考链接

受影响软件情况