Local Privilege Escalation Vulnerability for ESET Smart Security

description-logoDescription

A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. This affects ESET Smart Security versions 13.2 and lower.

affected-products-logoAffected Applications

ESET Smart Security

CVE References

CVE-2020-26941