CVE-2020-9264
MEDIUMESET Cyber Security < 1296 - Virus Detection Bypass via ZIP Archive Compression Information Field
Title source: llmDescription
ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop.
References (3)
Core 3
Core References
Release Notes x_refsource_misc
https://support.eset.com/en/ca7387-modules-review-december-2019
Third Party Advisory x_refsource_misc
https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Feb/21
Scores
CVSS v3
5.5
EPSS
0.0118
EPSS Percentile
63.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-436
Status
published
Products (7)
eset/cyber_security
< 1296 (2 CPE variants)
eset/internet_security
< 1296
eset/mobile_security
< 1296
eset/nod32_antivirus
4
eset/nod32_antivirus
< 1296
eset/smart_security
< 1296
eset/smart_tv_security
< 1296
Published
Feb 18, 2020
Tracked Since
Feb 18, 2026