4 results (0.007 seconds)

CVSS: 7.6EPSS: 0%CPEs: 20EXPL: 0

The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive. El AV engine antes de DAT 5600 en McAfee VirusScan, Total Protection, Internet Security, SecurityShield para Microsoft ISA Server, Security para Microsoft Sharepoint, Security para Email Servers, Email Gateway, y Active Virus Defense permite a atacantes remotos eludir la detección de virus a través de (1) un campo Headflags inválido de un archivo RAR malformado, (2) un campo Packsize inválido de un archivo RAR malformado, o (3) un campo Filelength de un archivo ZIP malformado. • http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html http://secunia.com/advisories/34949 http://www.securityfocus.com/archive/1/503173/100/0/threaded http://www.securityfocus.com/bid/34780 https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 54%CPEs: 10EXPL: 1

Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument. Desbordamiento de búfer en la función IsOldAppInstalled del control ActiveX McSubMgr.McSubMgr Subscription Manager (MCSUBMGR.DLL) en McAfee SecurityCenter anterior a 6.0.25 y 7.x anterior a 7.2.147 permite a atacantes remotos ejecutar código de su elección mediante un argumento manipulado. • https://www.exploit-db.com/exploits/3893 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=528 http://osvdb.org/35874 http://secunia.com/advisories/25173 http://ts.mcafeehelp.com/faq3.asp?docid=419189 http://www.securityfocus.com/bid/23888 http://www.securityfocus.com/bid/23909 http://www.securitytracker.com/id?1018028 http://www.vupen.com/english/advisories/2007/1717 https://exchange.xforce.ibmcloud.com/vulnerabilities/34179 •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code by installing malicious libraries in that directory. Vulnerabilidad de ruta de búsqueda no confiable en McAfee VirusScan para Linux 4510e y versiones anteriores, incluye el directorio de trabajo actual en la variable de entorno DT_RPATH, que permite a usuarios locales cargar bibliotecas ELF DSO de su elección y ejecutar código de su elección instalando bibliotecas maliciosas en ese directorio. • http://secunia.com/advisories/23278 http://secunia.com/advisories/23429 http://security.gentoo.org/glsa/glsa-200612-15.xml http://securitytracker.com/id?1017385 http://www.securityfocus.com/bid/21592 http://www.vupen.com/english/advisories/2006/5023 https://exchange.xforce.ibmcloud.com/vulnerabilities/30898 •

CVSS: 6.8EPSS: 84%CPEs: 25EXPL: 1

Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf. Desbordamiento de búfer en control ActiveX McSubMgr (mcsubmgr.dll) en McAfee Security Center 6.0.23 para Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, y QuickClean permite a atacantes con la intervención del usuario ejecutar comandos de su elección a través de paráametros string, los cuales son posteriormente usados en vsprintf. • https://www.exploit-db.com/exploits/16510 http://secunia.com/advisories/21264 http://securitytracker.com/id?1016614 http://ts.mcafeehelp.com/faq3.asp?docid=407052 http://www.eeye.com/html/research/advisories/AD2006807.html http://www.eeye.com/html/research/upcoming/20060719.html http://www.kb.cert.org/vuls/id/481212 http://www.osvdb.org/27698 http://www.securityfocus.com/archive/1/442495/100/100/threaded http://www.securityfocus.com/bid/19265 http://www.vupen. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •