CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-5118
https://notcve.org/view.php?id=CVE-2009-5118
Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share. Vulnerabilidad de path de búsqueda no confiable en McAfee VirusScan Enterprise before v8.7i permite a usuarios locales obtener privilegios a través de una DLL troyanizada en un directorio no especificado, como se demostró escaneando un documento que estaba en un recurso compartido remoto. • https://exchange.xforce.ibmcloud.com/vulnerabilities/78448 https://kc.mcafee.com/corporate/index?page=content&id=SB10013 •
CVSS: 6.4EPSS: 2%CPEs: 2EXPL: 1CVE-2010-3496
https://notcve.org/view.php?id=CVE-2010-3496
McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. McAfee VirusScan Enterprise v8.5i y v8.7i no interactúan de forma adecuada con el procesado de URLs hcp:// debido a la ayuda y centro de soporte de Microsoft, lo que facilita a los atacantes remotos ejecutar código a través de malware que se detecta correctamente por este producto, pero con una detección que se produce demasiado tarde para detener la ejecución de código. • http://www.n00bz.net/antivirus-cve http://www.securityfocus.com/archive/1/514356 https://kc.mcafee.com/corporate/index?page=content&id=SB10012 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1538
https://notcve.org/view.php?id=CVE-2007-1538
McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion. NOTE: this issue has been disputed by third-party researchers, stating that the default permissions for HKEY_LOCAL_MACHINE\SOFTWARE does not allow for write access and the product does not modify the inherited permissions. There might be an interaction error with another product ** IMPUGNADA ** McAfee VirusScan Enterprise 8.5.0.i utiliza permisos inseguros para ciertas claves del registro de Windows, lo cual permite a usuarios locales evitar la protección local de contraseñas mediante el valor UIP en (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection o (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion. NOTA: este asunto ha sido impugnado por investigadores de una tercera parte, afirmando que los permisos por defecto para HKEY_LOCAL_MACHINE\SOFTWARE no permiten la escritura y el producto no modifica los permisos heredados. Podría haber un error de interacción con otro producto. • http://homepage.mac.com/adonismac/Advisory/bypass_mcafee_entreprise_password.html http://homepage.mac.com/adonismac/Advisory/crack_mcafee_password_protection.html http://www.osvdb.org/33800 http://www.securityfocus.com/archive/1/463074/100/0/threaded http://www.securityfocus.com/archive/1/463091/100/0/threaded http://www.securityfocus.com/archive/1/463187/100/0/threaded http://www.securitytracker.com/id?1017791 •