Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3657

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-3657
Last Modified 07 Mar 2011 09:26:56
Published 21 Dec 2005 06:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3657

Summary

The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object.

Vulnerable Systems

Application

  • Mcafee Mcinsctl.dll 4.0.0.83

  • Mcafee Virusscan Security Center

  • Mcafee Virusscan Security Center 4.0

  • Mcafee Virusscan Security Center 4.0.3

  • Mcafee Virusscan Security Center 4.5

  • Mcafee Virusscan Security Center 4.5.1

  • Mcafee Virusscan Security Center 5.0

  • Mcafee Virusscan Security Center 6.0

  • Mcafee Virusscan Security Center 7.0

  • Mcafee Virusscan Security Center 7.1

  • Mcafee Virusscan Security Center 8.0

  • Mcafee Virusscan Security Center 9.0


References

VUPEN - ADV-2005-3006

BID - 15986

IDEFENSE - 20051220 McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite

SECUNIA - 18169

SECTRACK - 1015390

SREASON - 279


Last Updated: 27 May 2016 10:41:00