Emsisoft Anti-Malware
cpe:2.3:a:emsisoft:anti-malware:*:*:*:*:*:*:*
- < 2024.12
A vulnerability in the scanning module of Emsisoft Anti-Malware, affecting versions prior to 2024.12, allows remote attackers to obtain Net-NTLMv2 hash information. This is achieved through a specially crafted A2S (Emsisoft Custom Scan) extension file. When the file is opened, the application inadvertently transmits the NTLMv2 hash to the attacker's SMB server, facilitating unauthorized hash retrieval.
Exploitation of this vulnerability allows for unauthorized access to NTLMv2 hash information, which can be used in NTLM relay attacks or to crack the hash for privilege escalation, depending on the user's role.
To reproduce this vulnerability, create a fake SMB server using the responder tool on a remote server. Then, craft an A2S file that includes the IP address of the attacker. When the victim opens this file, the NTLMv2 hash will be sent to the attacker's server.
Users are advised to update to Emsisoft Anti-Malware version 2024.12 or later.
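A defensive check for the reproduction path described above, as an added example that is not from the advisory or from Emsisoft: it searches `.a2s` files for UNC references to remote hosts. It assumes the crafted file carries the attacker's address as a UNC path (`\\host\share`), which the advisory implies but does not spell out; the function names, the allowlist parameter and the sample bytes are constructed for illustration.

```python
import ipaddress
import re
import sys
from pathlib import Path

# \\host\share with a DNS-style or IPv4 host; "\\?\" and "\\.\" are local device paths.
UNC_RE = re.compile(r"\\\\([A-Za-z0-9._-]{1,253})\\[^\\\s\x00]+")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def remote_hosts(data: bytes) -> set:
    """Return lower-cased UNC host names found in raw file bytes."""
    # Assumption: the A2S layout is not documented on the page, so search the bytes
    # as 8-bit text and as UTF-16LE at both alignments instead of parsing fields.
    views = (data.decode("latin-1"),
             data.decode("utf-16-le", errors="ignore"),
             data[1:].decode("utf-16-le", errors="ignore"))
    hosts = {m.group(1).lower() for v in views for m in UNC_RE.finditer(v)}
    hosts.discard(".")  # "\\.\pipe\..." is a local device namespace, not a server
    return hosts

def classify(host: str, allowed=frozenset()) -> str:
    """Label a host: allowed, internal (RFC 1918), external, or unlisted-name."""
    if host in allowed:
        return "allowed"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unlisted-name"  # a host name that is not on the allowlist
    return "internal" if any(ip in n for n in RFC1918) else "external"

def scan_tree(root, allowed=frozenset()):
    """Yield (path, host, label) for every .a2s file under root."""
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".a2s":
            for host in sorted(remote_hosts(path.read_bytes())):
                yield str(path), host, classify(host, allowed)

# Constructed sample bytes (not a real A2S file); 192.0.2.10 is a documentation address.
SAMPLE = b"constructed-sample\r\n\\\\192.0.2.10\\share\\item\r\n"

if __name__ == "__main__":
    # Usage: python scan_a2s.py <directory>; prints every non-allowlisted reference.
    for path, host, label in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        if label != "allowed":
            print(f"{label}\t{host}\t{path}")
```

Any `.a2s` file that references a host outside the organisation's own file servers is worth quarantining for review, whether or not the endpoint has already been updated to 2024.12.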