PT-2001-1167 · Mcafee · Mcafee Virusscan

Published

2001-01-09

Updated

2008-09-05

CVE-2000-1128

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions McAfee VirusScan version 4.5

Description The default configuration of the software does not properly quote the ImagePath variable, which sets the search path incorrectly. This allows local users to place a Trojan horse program, such as "common.exe", in the C:Program Files directory.

Recommendations For McAfee VirusScan version 4.5, consider quoting the ImagePath variable to properly set the search path and prevent local users from placing malicious programs in the C:Program Files directory. As a temporary workaround, restrict access to the C:Program Files directory to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-1128

Affected Products

Mcafee Virusscan

PT-2001-1167 · Mcafee · Mcafee Virusscan

CVE-2000-1128

Related Identifiers

Affected Products

References · 3