Ismael Briones has reported two vulnerabilities in Nod32 Antivirus, which potentially can be exploited by malicious users to gain escalated privileges, or by malicious people to compromise a vulnerable system.

The vulnerabilities are caused due to boundary errors when cleaning, deleting, or renaming files detected as malware. These can be exploited to cause stack-based buffer overflows via a specially crafted directory containing malware with an overly long directory or path name.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 2.70.37.

Update to version 2.70.39.