ESET Remote Administrator Script Insertion Vulnerability

Ivan Markovic and I found a vulnerability in ESET’s NOD32 Remote Administrator Server. The vulnerability is reported in version 3.x and can potentially be exploited to compromise a user’s system. A successful attack requires an Administrator account on NOD32 RAS to create a malicious report. Administrators and Read-only users are both affected if they open the malicious report.

Secunia confirmed this vulnerability.

The CVE ID is CVE-2009-0548.