PT-2013-1848 · Mcafee · Mcafee Virtual Technician+1

Published

2013-03-28

Updated

2013-03-29

CVE-2012-5879

CVSS v2.0

8.2

High

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions McAfee Virtual Technician versions 6.5.0.2101 and earlier ePO-MVT versions 6.5.0.2101 and earlier

Description The issue allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method in an ActiveX control in McHealthCheck.dll.

Recommendations For McAfee Virtual Technician versions 6.5.0.2101 and earlier, consider disabling the Save method in the ActiveX control until a patch is available. For ePO-MVT versions 6.5.0.2101 and earlier, consider disabling the Save method in the ActiveX control until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-5879

Affected Products

Mcafee Virtual Technician

Epo-Mvt

PT-2013-1848 · Mcafee · Mcafee Virtual Technician+1

CVE-2012-5879

Weakness Enumeration

Related Identifiers

Affected Products

References · 8