NOD32 executes malicious code
Attackers may be able to inject malicious code into antivirus scanner NOD32. According to an entry at the Bugtraq security mailing list, attackers can get complete control of a vulnerable system if they manage, either locally or remotely, to save a file in a directory with a long path name. All versions of NOD32 prior to version 220.127.116.11, which was recently released via automatic update, allegedly contain the programming flaw.
Two buffer overflows occur when the susceptible pathnames are processed, causing the error. However, it is difficult to exploit. The overflow only occurs if the scanner disinfects, deletes, or renames a file in the folder. Furthermore, attackers have to formulate their malicious code so that it is displayed as a directory name encoded in Unicode. Nonetheless, a working exploit for the hole is said to exist. Users of NOD32 who install their updates manually are advised to do so immediately.
- NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities, Ismael Briones Bugtraq entry