Vulnerability Description
ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ESET | Cyber Security | < 1296 |
| ESET | Internet Security | < 1296 |
| ESET | Mobile Security | < 1296 |
| ESET | NOD32 Antivirus | < 1296 |
| ESET | Smart Security | < 1296 |
| ESET | Smart TV Security | < 1296 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2020/Feb/21 (Mailing List, Third Party Advisory)
- https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html (Third Party Advisory)
- https://support.eset.com/en/ca7387-modules-review-december-2019 (Release Notes)
FAQ
What is CVE-2020-9264?
CVE-2020-9264 is a vulnerability with a CVSS score of 5.5 (MEDIUM). ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Interne...
How severe is CVE-2020-9264?
CVE-2020-9264 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-9264?
Check the references section above for vendor advisories and patch information. Affected products include: ESET Cyber Security, ESET Internet Security, ESET Mobile Security, ESET NOD32 Antivirus, ESET Smart Security.