dmknght

4 exploits Active since Feb 2025
CVE-2025-1366 WRITEUP MEDIUM WRITEUP
eScan Antivirus 7.0.32 - Stack-Based Buffer Overflow in VirusPopUp strcpy
A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux and classified as critical. Affected by this issue is the function strcpy of the component VirusPopUp. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.3
CVE-2025-1367 WRITEUP MEDIUM WRITEUP
eScan Antivirus 7.0.32 - Buffer Overflow in USB Password Handler
A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. It has been classified as critical. This affects the function sprintf of the component USB Password Handler. The manipulation leads to buffer overflow. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.3
CVE-2025-1368 WRITEUP LOW WRITEUP
eScan Anti-Virus 7.0.32 - Buffer Overflow in ReadConfiguration Function
A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects the function ReadConfiguration of the file /opt/MicroWorld/etc/mwav.conf. The manipulation of the argument BasePath leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.3
CVE-2025-1369 WRITEUP MEDIUM WRITEUP
eScan Antivirus 7.0.32 - OS Command Injection in USB Password Handler
A vulnerability classified as critical was found in MicroWord eScan Antivirus 7.0.32 on Linux. Affected by this vulnerability is an unknown functionality of the component USB Password Handler. The manipulation leads to os command injection. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.5