CVE-2002-2282
https://notcve.org/view.php?id=CVE-2002-2282
McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user's home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs. • http://archives.neohapsis.com/archives/bugtraq/2002-12/0007.html http://www.securityfocus.com/bid/6288 https://exchange.xforce.ibmcloud.com/vulnerabilities/10741 •
CVE-2000-1128
https://notcve.org/view.php?id=CVE-2000-1128
The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory. • http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0073.html http://www.securityfocus.com/bid/1920 •
CVE-2000-0650
https://notcve.org/view.php?id=CVE-2000-0650
The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse. • http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=2753 http://www.osvdb.org/1458 http://www.osvdb.org/4200 http://www.securityfocus.com/bid/1458 https://exchange.xforce.ibmcloud.com/vulnerabilities/5177 •
CVE-2000-0502
https://notcve.org/view.php?id=CVE-2000-0502
Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion. • http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html http://www.osvdb.org/6287 http://www.securityfocus.com/bid/1326 https://exchange.xforce.ibmcloud.com/vulnerabilities/4641 •
CVE-1999-1195
https://notcve.org/view.php?id=CVE-1999-1195
NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus definition file during an update via FTP, but it reports that the update was successful, which could cause a system administrator to believe that the definitions have been updated correctly. • http://marc.info/?l=bugtraq&m=92588169005196&w=2 http://marc.info/?l=ntbugtraq&m=92587579032534&w=2 http://www.securityfocus.com/bid/169 •