CNNVD-202509-3095 Information
CNNVD ID
CNNVD-202509-3095
Related CVE
- CNNVD Published: 2025-09-19
Description (Chinese)
MicroWorld eScan AV是印度MicroWorld公司的一款防范恶意软件的安全软件。 MicroWorld eScan AV存在安全漏洞,该漏洞源于更新机制未能确保更新包的真实性和完整性,可能导致中间人攻击和远程代码执行。
Description (English)
MicroWorld eScan AV is a security software for malicious software at MicroWorld in India. There is a security gap in MicroWorld eScan AV, which stems from the failure of the updating mechanism to ensure the authenticity and integrity of the update package, which could lead to attacks by intermediaries and remote code implementation.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
MicroWorld
Published
2025-09-19
Last Modified
2026-02-24
References
https://arstechnica.com/security/2024/04/hackers-infect-users-of-antivirus-service-that-delivered-updates-over- https://blog.avast.com/leading-the-charge-against-guptiminer https://securityaffairs.com/162228/breaking-news/escan-antivirus-mitm-attack.html https://thehackernews.com/2024/04/escan-antivirus-update-mechanism.html https://www.bleepingcomputer.com/news/security/hackers-hijack-antivirus-updates-to-drop-guptiminer-malware/ https://www.escanav.com/en/about-us/eScan-update-advisory.asp https://www.gendigital.com/blog/insights/research/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining https://www.vulncheck.com/advisories/microworld-escan-av-insecure-update-mechanism-allows-mitm-replacement-of-updates https://access.redhat.com/security/cve/cve-2024-13990