Vulnerability Description
The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eset Software | Nod32 Antivirus | 1.0.11 |
References
- http://secunia.com/advisories/19054
- http://securityreason.com/securityalert/672
- http://securitytracker.com/id?1015867
- http://www.osvdb.org/24393
- http://www.securityfocus.com/archive/1/429892/100/0/threaded
- http://www.securityfocus.com/bid/17374 (Exploit, Patch)
- http://www.vupen.com/english/advisories/2006/1242
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25640
FAQ
What is CVE-2006-1649?
CVE-2006-1649 is a vulnerability with a CVSS score of 7.2 (HIGH). The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users ...
How severe is CVE-2006-1649?
CVE-2006-1649 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-1649?
Check the references section above for vendor advisories and patch information. Affected products include: Eset Software Nod32 Antivirus.