Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MicroWorld eScan AV Insecure Update Mechanism Allows Man-in-the-Middle Replacement of Updates
Vulnerability Description
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle (MitM) attack and substitute malicious update payloads for legitimate ones. The eScan AV client accepted these substituted packages and executed or loaded their components (including sideloaded DLLs and Java/installer payloads), enabling remote code execution on affected systems. MicroWorld eScan confirmed remediation of the update mechanism on 2023-07-31 but versioning details are unavailable. NOTE: MicroWorld eScan disputes the characterization in third-party reports, stating the issue relates to 2018–2019 and that controls were implemented then.
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
MicroWorld eScan AV 安全漏洞
Vulnerability Description
MicroWorld eScan AV是印度MicroWorld公司的一款防范恶意软件的安全软件。 MicroWorld eScan AV存在安全漏洞,该漏洞源于更新机制未能确保更新包的真实性和完整性,可能导致中间人攻击和远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A