Filtered by vendor Microworld Technologies Subscriptions
Filtered by product Escan Subscriptions

Search

Switch to Advanced Search (Beta)
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-13990 1 Microworld Technologies 1 Escan 2025-09-22 N/A
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle (MitM) attack and substitute malicious update payloads for legitimate ones. The eScan AV client accepted these substituted packages and executed or loaded their components (including sideloaded DLLs and Java/installer payloads), enabling remote code execution on affected systems. MicroWorld eScan confirmed remediation of the update mechanism on 2023-07-31 but versioning details are unavailable. NOTE: MicroWorld eScan disputes the characterization in third-party reports, stating the issue relates to 2018–2019 and that controls were implemented then.
CVE-2007-0655 1 Microworld Technologies 1 Escan 2025-04-09 N/A
The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.
CVE-2007-2687 1 Microworld Technologies 1 Escan 2025-04-09 N/A
Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command.
CVE-2008-1221 1 Microworld Technologies 3 Escan, Escan Management Console, Escan Server 2025-04-09 N/A
Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command.