Local Privilege Escalation Vulnerability for ESET Smart Security
Description
A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. This affects ESET Smart Security versions 13.2 and lower.
Affected Applications
ESET Smart Security