Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-3499

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2010-3499
Last Modified 22 Aug 2012 12:00:00
Published 22 Aug 2012 06:42:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2010-3499

Summary

F-Secure Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that "the inability to catch these files are caused by lacking functionality rather than programming errors."

Vulnerable Systems

Application

  • F-secure Anti-virus -


References

BUGTRAQ - 20101018 Antivirus detection after malware execution

MISC - http://www.n00bz.net/antivirus-cve


Last Updated: 27 May 2016 10:51:42