Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4505

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-4505
Last Modified 07 Mar 2011 09:28:24
Published 22 Dec 2005 07:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-4505

Summary

Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path.

Vulnerable Systems

Application

  • Mcafee Common Management Agent 3.5

  • Mcafee Virusscan Enterprise 8.0i


References

VUPEN - ADV-2005-3077

BID - 16040

BUGTRAQ - 20051222 Privilege escalation in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5)

XF - mcafee-naprdmgr-privilege-escalation(23815)

SECTRACK - 1015404

SREASON - 292

MISC - http://reedarvin.thearvins.com/20051222-01.html


Last Updated: 27 May 2016 10:41:20