ESET Remote Administrator Script Insertion Vulnerability
Thursday, 5 February 2009
Ivan Markovic and I found a vulnerability in ESET’s NOD32 Remote Administrator Server. The vulnerability is reported in version 3.x and can potentially be exploited to compromise a user’s system. For a successful attack, you need an Administrator account on NOD32 RAS to create a malicious report. Administrators and Read-only users are both affected if they open the malicious report.
Secunia confirmed this vulnerability.
Here is the CVE ID: CVE-2009-0548.
