PT-2013-1848 · Mcafee · Mcafee Virtual Technician+1

Publicado

2013-03-28

Atualizado

2013-03-29

CVE-2012-5879

CVSS v2.0

8.2

Alta

Vetor

AV:N/AC:M/Au:S/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions McAfee Virtual Technician versions 6.5.0.2101 and earlier ePO-MVT versions 6.5.0.2101 and earlier

Description The issue allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method in an ActiveX control in McHealthCheck.dll.

Recommendations For McAfee Virtual Technician versions 6.5.0.2101 and earlier, consider disabling the Save method in the ActiveX control until a patch is available. For ePO-MVT versions 6.5.0.2101 and earlier, consider disabling the Save method in the ActiveX control until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2012-5879

Produtos afetados

Mcafee Virtual Technician

Epo-Mvt

PT-2013-1848 · Mcafee · Mcafee Virtual Technician+1

CVE-2012-5879

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8