CVSS: 8.2EPSS: 81%CPEs: 8EXPL: 3CVE-2012-5879 – McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method
https://notcve.org/view.php?id=CVE-2012-5879
An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method. Un control ActiveX en McHealthCheck.dll en McAfee Virtual Technician (MVT) y ePO-MVT-6.5.0.2101 y anteriores permite a atacantes remotos modificar o crear archivos arbitrarios a través de un argumento de ruta completa al método Save. McAfee Virtual Technician (MVT) 6.5.0.2101 suffers from an exposed unsafe active-x method. • https://www.exploit-db.com/exploits/24907 http://archives.neohapsis.com/archives/bugtraq/2013-03/0143.html http://osvdb.org/91700 http://www.securityfocus.com/bid/58750 http://www.securitytracker.com/id/1028357 https://kc.mcafee.com/corporate/index?page=content&id=SB10040 https://www.htbridge.com/advisory/HTB23128 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 96%CPEs: 4EXPL: 2CVE-2012-4598 – McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()' Code Execution
https://notcve.org/view.php?id=CVE-2012-4598
An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site. Control ActiveX no especificado en McAfee Virtual Technician (MVT) anteriores a v6.4, y ePO-MVT, permite a atacantes remotos ejecutar código o provocar una denegación de servicio (caída de Internet Explorer) a través de un sitio Web manipulado. • https://www.exploit-db.com/exploits/18805 https://www.exploit-db.com/exploits/18812 https://kc.mcafee.com/corporate/index?page=content&id=SB10028 •