CVE-2016-3984 – McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass
https://notcve.org/view.php?id=CVE-2016-3984
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys. El McAfee VirusScan Console (mcconsol.exe) en McAfee Active Response (MAR) en versiones anteriores a 1.1.0.161, Agent (MA) 5.x en versiones anteriores a 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) en versiones anteriores a 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 en versiones anteriores a Patch 6 y 9.4 en versiones anteriores a Patch 1 HF3, Device Control (MDC) 9.3 en versiones anteriores a Patch 6 y 9.4 en versiones anteriores a Patch 1 HF3, Endpoint Security (ENS) 10.x en versiones anteriores a 10.1, Host Intrusion Prevention Service (IPS) 8.0 en versiones anteriores a 8.0.0.3624 y VirusScan Enterprise (VSE) 8.8 en versiones anteriores a P7 (8.8.0.1528) en Windows permite a administradores locales eludir las reglas destinadas a la autoprotección y desactivar el motor del antivirus modificando claves de registro. • https://www.exploit-db.com/exploits/39531 http://lab.mediaservice.net/advisory/2016-01-mcafee.txt http://seclists.org/fulldisclosure/2016/Mar/13 http://www.securitytracker.com/id/1035130 https://kc.mcafee.com/corporate/index?page=content&id=SB10151 • CWE-284: Improper Access Control •
CVE-2014-4973
https://notcve.org/view.php?id=CVE-2014-4973
The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call. El controlador del filtro NIDS de ESET Personal Firewall (EpFwNdis.sys) en el módulo del Firewall Build 1183 (20140214) y anteriores en productos ESET Smart Security y ESET Endpoint Security 5.0 hasta 7.0 permite a usuarios locales ganar privilegios a través de un argumento manipulado en una llamada IOCTL 0x830020CC. • http://seclists.org/fulldisclosure/2014/Aug/52 https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4973 • CWE-20: Improper Input Validation •
CVE-2006-5646 – Sophos AntiVirus - '.CHM' File Heap Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-5646
Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remote attackers to trigger a denial of service (memory corruption) via a CHM file with an LZX decompression header that specifies a Window_size of 0. Desbordamiento de búfer basado en montón en Sophos Anti-Virus y Endpoint Security versiones anteriores a 6.0.5, Anti-Virus para Linux anteriores a 5.0.10, y otras plataformas anteriores a 4.11, cuando el escaneo de archivos está habilitado, permite a atacantes remotos disparar una denegación de servicio (corrupción de memoria) a través de un archivo CHM con una cabecera de descompresión LZX que especifica un tamaño de ventana 0. • https://www.exploit-db.com/exploits/2910 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=452 http://secunia.com/advisories/22591 http://securitytracker.com/id?1017132 http://www.securityfocus.com/bid/20816 http://www.sophos.com/support/knowledgebase/article/7609.html http://www.vupen.com/english/advisories/2006/4239 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-5647 – Sophos AntiVirus - '.CHM' Chunk Name Length Memory Corruption (PoC)
https://notcve.org/view.php?id=CVE-2006-5647
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka "CHM name length memory consumption vulnerability." Sophos Anti-Virus y Endpoint Security versiones anteriores a 6.0.5, Anti-Virus para Linux anteriores a 5.0.10, y otras plataformas anteriores a 4.11 permite a atacantes remotos provocar una denegación de servicio (corrupción o agotamiento de memoria) y posiblemente ejecutar código de su elección mediante un fichero CHM mal formado con manipulaciones concretas del segmento de cabecera CHM, también conocido como "vulnerabilidad de agotamiento de memoria en longitud de nombre CHM". • https://www.exploit-db.com/exploits/2911 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=451 http://secunia.com/advisories/22591 http://securitytracker.com/id?1017132 http://www.securityfocus.com/bid/20816 http://www.sophos.com/support/knowledgebase/article/7609.html http://www.vupen.com/english/advisories/2006/4239 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-5645 – Sophos / Trend Micro AntiVirus - '.RAR' File Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2006-5645
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero. Sophos Anti-Virus y Endpoint Security anteriores a 6.0.5, Anti-virus para Linux 5.0.10, y otras plataformas en versiones anteriores a la 4.11, permite a atacantes remotos causar denegación de servicio (bucle infinito) mediante un fichero RAR mal formado con una sección de Cabecera de Archivo con los campos head_size y pack_size puestos a cero. • https://www.exploit-db.com/exploits/2912 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439 http://secunia.com/advisories/22591 http://securitytracker.com/id?1017132 http://www.securityfocus.com/archive/1/474683/100/0/threaded http://www.securityfocus.com/bid/20816 http://www.securitytracker.com/id?1018450 http://www.sophos.com/support/knowledgebase/article/7609.html http://www.vupen.com/english/advisories/2006/4239 • CWE-399: Resource Management Errors •