CVE-2000-1128

Name of the Vulnerable Software and Affected Versions McAfee VirusScan version 4.5

Description The default configuration of the software does not properly quote the ImagePath variable, which sets the search path incorrectly. This allows local users to place a Trojan horse program, such as "common.exe", in the C:Program Files directory.

Recommendations For McAfee VirusScan version 4.5, consider quoting the ImagePath variable to properly set the search path and prevent local users from placing malicious programs in the C:Program Files directory. As a temporary workaround, restrict access to the C:Program Files directory to minimize the risk of exploitation.