Signature Detail
Short Name |
HTTP:STC:DL:ARJ-BO |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
NOD32 AntiVirus ARJ Archive Handling Buffer Overflow |
Release Date |
2010/09/15 |
Update Number |
1773 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: NOD32 AntiVirus ARJ Archive Handling Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the NOD32 AntiVirus. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the service.
Extended Description
NOD32 Antivirus is affected by a remote buffer overflow vulnerability when handling ARJ archives. An attacker may exploit this vulnerability to gain unauthorized remote access with SYSTEM privileges. NOD32 for Windows version 2.5 running nod32.002 version 1.033 build 1127 is reportedly affected, however, it is possible that other versions are vulnerable as well.
Affected Products
- Eset NOD32 Antivirus 2.5.0
References
- BugTraq: 14925
- BugTraq: 14773
- CVE: CVE-2005-0350
- CVE: CVE-2005-3051
- CVE: CVE-2005-2903