ESET Customer Advisory 2015-0002
July 10th, 2015
ESET has distributed fixes for vulnerabilities that the Google Project Zero team reported in the scanning and emulation routines of several ESET products. Fixes for all reported issues were distributed in regular in-product updates, which are automatically downloaded by ESET products with a working internet connection and valid license.
Fixes for all of the issues reported have been made available through regular in-product updates which are automatically downloaded by ESET products. The following updates and module versions resolve the issues mentioned in this advisory:
- Virus signature database 11905 and later
- Archive support module 1232 and later (distributed with virus signature database 11884)
- Advanced heuristics module 1156 and later (distributed with virus signature database 11865)
To ensure that you are not exposed to these issues: Make sure that clients on your network or personal computers are using virus signature database 11905 or later to resolve all issues reported. Visit the appropriate Knowledgebase article below to check which virus signature database version is in use on your network or personal computer:
On June 19th, 2015, ESET received a report detailing a vulnerability that could be exploited to perform a code execution attack with system privileges. The vulnerability was found in the emulation routine used in a particular scanner for a specific malware family. A fix was made available on June 22nd, 2015.
On June 26th, 2015, a second report was received. This report involved a vulnerability in a product module used to examine a specific archive type. The issue could cause the ESET service to stop and could be exploited to perform a code execution attack with escalated privileges. A fix for this issue was released on June 29th, 2015.
Six additional reports were received from June 30th to July 6th, 2015. While none of the additional reports involved exploits in ESET software, the issues reported could cause scanning routines to malfunction and potentially stop the ESET service (the service restarts automatically when stopped in this way). All issues have been resolved in updates distributed in regular in-product updates.
Affected Programs and Versions
- ESET Endpoint Security & ESET Endpoint Antivirus for Windows and Mac OS X
- ESET NOD32 Antivirus Business Edition for Linux
- ESET Smart Security & ESET NOD32 Antivirus for Windows
- ESET Cyber Security & ESET Cyber Security Pro for Mac OS X
- All ESET server products except for ESET Remote Administrator
These issues were reported to ESET by Google Project Zero Team researcher Tavis Ormandy