Executive Summary

Informations
NameCVE-2007-3970First vendor Publication2007-07-25
VendorCveLast vendor Modification2018-10-15

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Race condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3970

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-26Leveraging Race Conditions
CAPEC-29Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

CWE : Common Weakness Enumeration

%idName

CPE : Common Platform Enumeration

TypeDescriptionCount
Application8

Open Source Vulnerability Database (OSVDB)

idDescription
37976NOD32 Antivirus CAB File Handling Arbitrary Code Execution

Nessus® Vulnerability Scanner

DateDescription
2007-07-23Name : The remote Windows host has an application that is affected by multiple issues.
File : nod32_2289.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/24988
BUGTRAQ http://www.securityfocus.com/archive/1/474244/100/0/threaded
CONFIRM http://www.eset.com/joomla/index.php?option=com_content&task=view&id=...
SREASON http://securityreason.com/securityalert/2922
VUPEN http://www.vupen.com/english/advisories/2007/2602
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/35526

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
DateInformations
2018-10-16 00:19:11
  • Multiple Updates
2018-08-14 00:19:29
  • Multiple Updates
2017-07-29 12:02:25
  • Multiple Updates
2016-06-28 16:46:25
  • Multiple Updates
2016-04-26 16:24:35
  • Multiple Updates
2014-02-17 10:41:06
  • Multiple Updates
2013-05-11 10:32:25
  • Multiple Updates