Page 4 of 22 results (0.022 seconds)

CVSS: 2.6EPSS: 0%CPEs: 8EXPL: 0

McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module. McAfee VirusScan Enterprise antes de v8.8 permite a los usuarios locales desactivar el producto aprovechándose de privilegios de administrador para ejecutar un módulo de Metasploit Framework no especificado. • https://kc.mcafee.com/corporate/index?page=content&id=SB10014 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0

Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share. Vulnerabilidad de path de búsqueda no confiable en McAfee VirusScan Enterprise before v8.7i permite a usuarios locales obtener privilegios a través de una DLL troyanizada en un directorio no especificado, como se demostró escaneando un documento que estaba en un recurso compartido remoto. • https://exchange.xforce.ibmcloud.com/vulnerabilities/78448 https://kc.mcafee.com/corporate/index?page=content&id=SB10013 •

CVSS: 6.4EPSS: 2%CPEs: 2EXPL: 1

McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. McAfee VirusScan Enterprise v8.5i y v8.7i no interactúan de forma adecuada con el procesado de URLs hcp:// debido a la ayuda y centro de soporte de Microsoft, lo que facilita a los atacantes remotos ejecutar código a través de malware que se detecta correctamente por este producto, pero con una detección que se produce demasiado tarde para detener la ejecución de código. • http://www.n00bz.net/antivirus-cve http://www.securityfocus.com/archive/1/514356 https://kc.mcafee.com/corporate/index?page=content&id=SB10012 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.9EPSS: 78%CPEs: 1EXPL: 0

Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters. Desbordamiento de búfer en On-Access Scanner de McAfee VirusScan Enterprise versiones anteriores a 8.0i Patch 12, permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante un nombre de fichero largo conteniendo caracteres multi-byte (Unicode). • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=515 http://secunia.com/advisories/24914 http://www.kb.cert.org/vuls/id/324929 http://www.securityfocus.com/bid/23543 http://www.securitytracker.com/id?1017928 http://www.vupen.com/english/advisories/2007/1435 https://exchange.xforce.ibmcloud.com/vulnerabilities/33732 https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=612750&command=show&forward=nonthreadedKC •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion. NOTE: this issue has been disputed by third-party researchers, stating that the default permissions for HKEY_LOCAL_MACHINE\SOFTWARE does not allow for write access and the product does not modify the inherited permissions. There might be an interaction error with another product ** IMPUGNADA ** McAfee VirusScan Enterprise 8.5.0.i utiliza permisos inseguros para ciertas claves del registro de Windows, lo cual permite a usuarios locales evitar la protección local de contraseñas mediante el valor UIP en (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection o (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion. NOTA: este asunto ha sido impugnado por investigadores de una tercera parte, afirmando que los permisos por defecto para HKEY_LOCAL_MACHINE\SOFTWARE no permiten la escritura y el producto no modifica los permisos heredados. Podría haber un error de interacción con otro producto. • http://homepage.mac.com/adonismac/Advisory/bypass_mcafee_entreprise_password.html http://homepage.mac.com/adonismac/Advisory/crack_mcafee_password_protection.html http://www.osvdb.org/33800 http://www.securityfocus.com/archive/1/463074/100/0/threaded http://www.securityfocus.com/archive/1/463091/100/0/threaded http://www.securityfocus.com/archive/1/463187/100/0/threaded http://www.securitytracker.com/id?1017791 •