CVE-2024-7400

Sept. 30, 2024, 12:46 p.m.

None
No Score

Description

The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.

Product(s) Impacted

Product Versions
ESET Antivirus
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1386
Insecure Operation on Windows Junction / Mount Point
The product opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere.

References

https://support.eset.com/en/ca8726-local-privilege-escalation-fixed-for-vulnerability-during-detected-file-removal-in-eset-products-for-windows

Tags

security@eset.com
2024-09-27
CVE-2024-7400
CWE-1386

Timeline

Published: Sept. 27, 2024, 7:15 a.m.
Last Modified: Sept. 30, 2024, 12:46 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@eset.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.