[原文]Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build 1127, with active scanning enabled, allows remote attackers to execute arbitrary code via an ARJ archive containing a file with a long filename.
A remote overflow exists in NOD32. The application fails to perform proper bounds checking resulting in a heap-based buffer overflow. With a specially crafted ARJ archive that contains a compressed file with an overly long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Eset Software has released a patch to address this vulnerability.