CVE-2020-9264

EUVD-2020-30093
ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
esetcyber_security
𝑥
< 1296
esetcyber_security
𝑥
< 1296
esetinternet_security
𝑥
< 1296
esetnod32_antivirus
𝑥
< 1296
esetsmart_security
𝑥
< 1296
esetsmart_tv_security
𝑥
< 1296
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2020/Feb/21
https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html
https://support.eset.com/en/ca7387-modules-review-december-2019
http://seclists.org/fulldisclosure/2020/Feb/21
https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html
https://support.eset.com/en/ca7387-modules-review-december-2019