Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0650

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2000-0650
Last Modified 05 Sep 2008 04:21:32
Published 11 Jul 2000 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2000-0650

Summary

The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.

Vulnerable Systems

Application

  • Network Associates Netshield 4.5

  • Network Associates Virusscan 4.5


References

BID - 1458

NTBUGTRAQ - 20000711 Potential Vulnerability in McAfee Netshield and VirusScan 4.5

XF - nai-virusscan-netshield-autoupgrade(5177)

OSVDB - 4200


Last Updated: 27 May 2016 10:35:48