Local Privilege Escalation Vulnerability for ESET NOD32 Antivirus
Description
A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. This affects ESET NOD32 Antivirus versions 13.2 and lower.
Affected Applications
ESET NOD32 Antivirus