Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for smart_security_premium by eset

    CVE-2023-7043 (GCVE-0-2023-7043)

    Vulnerability from nvd – Published: 2024-01-31 12:51 – Updated: 2024-10-17 17:54
    VLAI
    Title
    Unquoted path privilege vulnerability in ESET products for Windows
    Summary
    Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    References
    Date Public
    2024-01-26 11:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:50:07.939Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.eset.com/en/ca8602"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7043",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-31T15:52:23.258496Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T17:54:28.120Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ESET Endpoint Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.2063.x",
                  "status": "affected",
                  "version": "10.1.2046.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Endpoint Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.2063.x",
                  "status": "affected",
                  "version": "10.1.2046.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET NOD32 Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "16.2.15.0",
                  "status": "affected",
                  "version": "16.1.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Internet Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "16.2.15.0",
                  "status": "affected",
                  "version": "16.1.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Smart Security Premium",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "16.2.15.0",
                  "status": "affected",
                  "version": "16.1.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Mail Security for Microsoft Exchange Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.10012.0"
                }
              ]
            }
          ],
          "datePublic": "2024-01-26T11:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unquoted service path in ESET products allows to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edrop a prepared program to a specific location\u003c/span\u003e\u0026nbsp;and\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003erun on boot with \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe \n\nNT AUTHORITY\\NetworkService\u0026nbsp;permissions.\u003c/span\u003e"
                }
              ],
              "value": "Unquoted service path in ESET products allows to \n\ndrop a prepared program to a specific location\u00a0and\u00a0run on boot with the \n\nNT AUTHORITY\\NetworkService\u00a0permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428 Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-31T12:52:10.301Z",
            "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
            "shortName": "ESET"
          },
          "references": [
            {
              "url": "https://support.eset.com/en/ca8602"
            }
          ],
          "source": {
            "advisory": "ca8602",
            "discovery": "UNKNOWN"
          },
          "title": "Unquoted path privilege vulnerability in ESET products for Windows",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "assignerShortName": "ESET",
        "cveId": "CVE-2023-7043",
        "datePublished": "2024-01-31T12:51:38.253Z",
        "dateReserved": "2023-12-21T12:14:56.731Z",
        "dateUpdated": "2024-10-17T17:54:28.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0649 (GCVE-0-2018-0649)

    Vulnerability from nvd – Published: 2018-09-07 14:00 – Updated: 2024-08-05 03:35
    VLAI
    Summary
    Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN41452671/index.html third-party-advisoryx_refsource_JVN
    https://eset-support.canon-its.jp/faq/show/10720?… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Canon IT Solutions Inc. The installers of multiple Canon IT Solutions Inc. software programs Affected: (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones))
    Create a notification for this product.
    Date Public
    2018-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:48.946Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#41452671",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN41452671/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://eset-support.canon-its.jp/faq/show/10720?site_domain=default"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "The installers of multiple Canon IT Solutions Inc. software programs",
              "vendor": "Canon IT Solutions Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "(ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones))"
                }
              ]
            }
          ],
          "datePublic": "2018-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#41452671",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN41452671/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://eset-support.canon-its.jp/faq/show/10720?site_domain=default"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0649",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "The installers of multiple Canon IT Solutions Inc. software programs",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones))"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Canon IT Solutions Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#41452671",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN41452671/index.html"
                },
                {
                  "name": "https://eset-support.canon-its.jp/faq/show/10720?site_domain=default",
                  "refsource": "CONFIRM",
                  "url": "https://eset-support.canon-its.jp/faq/show/10720?site_domain=default"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0649",
        "datePublished": "2018-09-07T14:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:35:48.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-7043 (GCVE-0-2023-7043)

    Vulnerability from cvelistv5 – Published: 2024-01-31 12:51 – Updated: 2024-10-17 17:54
    VLAI
    Title
    Unquoted path privilege vulnerability in ESET products for Windows
    Summary
    Unquoted service path in ESET products allows to drop a prepared program to a specific location and run on boot with the NT AUTHORITY\NetworkService permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    References
    Date Public
    2024-01-26 11:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:50:07.939Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.eset.com/en/ca8602"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-7043",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-31T15:52:23.258496Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T17:54:28.120Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ESET Endpoint Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.2063.x",
                  "status": "affected",
                  "version": "10.1.2046.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Endpoint Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.2063.x",
                  "status": "affected",
                  "version": "10.1.2046.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET NOD32 Antivirus",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "16.2.15.0",
                  "status": "affected",
                  "version": "16.1.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Internet Security",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "16.2.15.0",
                  "status": "affected",
                  "version": "16.1.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Smart Security Premium",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "lessThanOrEqual": "16.2.15.0",
                  "status": "affected",
                  "version": "16.1.14.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ESET Mail Security for Microsoft Exchange Server",
              "vendor": "ESET, spol. s r.o.",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.10012.0"
                }
              ]
            }
          ],
          "datePublic": "2024-01-26T11:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unquoted service path in ESET products allows to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edrop a prepared program to a specific location\u003c/span\u003e\u0026nbsp;and\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003erun on boot with \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe \n\nNT AUTHORITY\\NetworkService\u0026nbsp;permissions.\u003c/span\u003e"
                }
              ],
              "value": "Unquoted service path in ESET products allows to \n\ndrop a prepared program to a specific location\u00a0and\u00a0run on boot with the \n\nNT AUTHORITY\\NetworkService\u00a0permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428 Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-31T12:52:10.301Z",
            "orgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
            "shortName": "ESET"
          },
          "references": [
            {
              "url": "https://support.eset.com/en/ca8602"
            }
          ],
          "source": {
            "advisory": "ca8602",
            "discovery": "UNKNOWN"
          },
          "title": "Unquoted path privilege vulnerability in ESET products for Windows",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4a9b9929-2450-4021-b7b9-469a0255b215",
        "assignerShortName": "ESET",
        "cveId": "CVE-2023-7043",
        "datePublished": "2024-01-31T12:51:38.253Z",
        "dateReserved": "2023-12-21T12:14:56.731Z",
        "dateUpdated": "2024-10-17T17:54:28.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0649 (GCVE-0-2018-0649)

    Vulnerability from cvelistv5 – Published: 2018-09-07 14:00 – Updated: 2024-08-05 03:35
    VLAI
    Summary
    Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN41452671/index.html third-party-advisoryx_refsource_JVN
    https://eset-support.canon-its.jp/faq/show/10720?… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Canon IT Solutions Inc. The installers of multiple Canon IT Solutions Inc. software programs Affected: (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones))
    Create a notification for this product.
    Date Public
    2018-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:48.946Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#41452671",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN41452671/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://eset-support.canon-its.jp/faq/show/10720?site_domain=default"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "The installers of multiple Canon IT Solutions Inc. software programs",
              "vendor": "Canon IT Solutions Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "(ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones))"
                }
              ]
            }
          ],
          "datePublic": "2018-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#41452671",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN41452671/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://eset-support.canon-its.jp/faq/show/10720?site_domain=default"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0649",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "The installers of multiple Canon IT Solutions Inc. software programs",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones))"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Canon IT Solutions Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#41452671",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN41452671/index.html"
                },
                {
                  "name": "https://eset-support.canon-its.jp/faq/show/10720?site_domain=default",
                  "refsource": "CONFIRM",
                  "url": "https://eset-support.canon-its.jp/faq/show/10720?site_domain=default"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0649",
        "datePublished": "2018-09-07T14:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:35:48.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }