Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5879

Overview

Vulnerability Score 8.2 8.2
CVE Id CVE-2012-5879
Last Modified 29 Mar 2013 10:18:15
Published 28 Mar 2013 07:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-5879

Summary

An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method.

Vulnerable Systems

Application

  • Epo Mcafee Virtual Technician 1.0

  • Epo Mcafee Virtual Technician 1.0.4.0

  • Epo Mcafee Virtual Technician 1.0.7

  • Epo Mcafee Virtual Technician 1.0.8

  • Epo Mcafee Virtual Technician 1.0.9

  • Epo Mcafee Virtual Technician 6.5.0.2101

  • Mcafee Virtual Technician 6.3.0.1911

  • Mcafee Virtual Technician 6.5.0.2101


References

MISC - https://www.htbridge.com/advisory/HTB23128

CONFIRM - https://kc.mcafee.com/corporate/index?page=content&id=SB10040

SECTRACK - 1028357

BID - 58750

OSVDB - 91700

BUGTRAQ - 20130327 McAfee Virtual Technician ActiveX Control Insecure Method


Last Updated: 27 May 2016 11:02:08