Ismael Briones has reported two vulnerabilities
in Nod32 Antivirus, which potentially can be exploited by malicious
users to gain escalated privileges, or by malicious people to
compromise a vulnerable system.
The vulnerabilities are caused due to boundary errors when cleaning,
deleting, or renaming files detected as malware. These can be exploited
to cause stack-based buffer overflows via a specially crafted directory
containing malware with an overly long directory or path name.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 2.70.37.
Update to version 2.70.39.