MicroWorld eScan Antivirus Quarantine Handler Incorrect Default Permissions Vulnerability

Vulnerability

A vulnerability exists in MicroWorld eScan Antivirus for Linux, specifically in version 7.0.32. The issue arises within the Quarantine Handler component, where the default permissions of the quarantine folders are set to 777. This misconfiguration allows any unprivileged user to modify the contents of these folders. As a result, malicious files can be introduced into the quarantine, evading detection by the antivirus's real-time protection service, which excludes the quarantine folders from monitoring.

Impact

Exploitation of this vulnerability allows for evasion of the antivirus's real-time protection, enabling malware to be executed without detection.

Reproduction

To reproduce this vulnerability, first create a test file that is detected as malware by the eScan Antivirus real-time protection service. Once the file is quarantined, it can be observed that the contents remain unencrypted. The incorrect default permissions of the quarantine folders allow for modification of the files within. After a file is placed in quarantine, it can be executed from the quarantine folder, bypassing the antivirus's protection.
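A defender-side check for the condition described above, added here as an example that is not part of the original advisory or eScan's own code. It walks a quarantine directory and reports world-writable directories, files not owned by the scanner account, and files that keep execute bits. The quarantine path and the scanner's uid are assumptions passed in by the caller, since the advisory gives neither; the sample tree is constructed.

```python
import os
import stat
import tempfile


def audit_quarantine(root, expected_uid):
    """Return (path, issue) findings for a quarantine tree.

    root and expected_uid are caller-supplied assumptions: the advisory
    does not name the quarantine path or the scanner's service account.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        # Mode 777 (or any o+w) lets any local user add or replace files here.
        if mode & stat.S_IWOTH:
            findings.append((dirpath, f"world-writable directory (mode {mode:o})"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            fst = os.lstat(path)  # lstat: do not follow links out of the tree
            if stat.S_ISLNK(fst.st_mode):
                findings.append((path, "symlink inside quarantine"))
                continue
            # Files the scanner did not write were placed by someone else.
            if fst.st_uid != expected_uid:
                findings.append((path, f"file owned by uid {fst.st_uid}, not the scanner account"))
            # Quarantined content should never remain directly runnable.
            if fst.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                findings.append((path, "quarantined file is executable"))
    return findings


def build_sample_tree():
    """Constructed sample: a 777 directory holding one executable file."""
    root = tempfile.mkdtemp(prefix="quarantine-demo-")
    os.chmod(root, 0o777)
    sample = os.path.join(root, "sample.bin")
    with open(sample, "wb") as fh:
        fh.write(b"constructed placeholder content\n")
    os.chmod(sample, 0o755)
    return root


if __name__ == "__main__":
    demo = build_sample_tree()
    for path, issue in audit_quarantine(demo, expected_uid=os.getuid()):
        print(f"{path}: {issue}")
```

An empty result means the tree is writable only by its owner and holds no foreign or executable files; any finding is worth correlating with the real-time protection exclusion list.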

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
