Описание
The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mcafee:mcinsctl.dll:4.0.0.83:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:virusscan_security_center:*:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:virusscan_security_center:4.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:virusscan_security_center:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:virusscan_security_center:4.5:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:virusscan_security_center:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:virusscan_security_center:5.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:virusscan_security_center:6.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:virusscan_security_center:7.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:virusscan_security_center:7.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:virusscan_security_center:8.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:virusscan_security_center:9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00693
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object.
EPSS
Процентиль: 71%
0.00693
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other