PT-2012-1301 · Microsoft+1 · Help/Support Center+1

Published

2012-08-22

Updated

2012-08-22

CVE-2010-3496

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions McAfee VirusScan Enterprise versions 8.5i through 8.7i

Description The issue arises from improper interaction with the Microsoft Help and Support Center's processing of hcp:// URLs. This makes it easier for remote attackers to execute arbitrary code via malware. The product correctly detects the malware but does so too late to prevent code execution.

Recommendations For McAfee VirusScan Enterprise versions 8.5i through 8.7i, consider restricting access to the Microsoft Help and Support Center or temporarily disabling the handling of hcp:// URLs until a proper fix is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2010-3496

Affected Products

Mcafee Virusscan Enterprise

Help/Support Center

PT-2012-1301 · Microsoft+1 · Help/Support Center+1

CVE-2010-3496

Weakness Enumeration

Related Identifiers

Affected Products

References · 4