3 results (0.003 seconds)

CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 1

McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files. McAfee VirusScan para Mac (Virex) versiones anteriores a 7.7 patch 1 tiene permisos débiles (0666) para /Library/Application Support/Virex/VShieldExclude.txt, lo cual permite a usuarios locales reconfigurar Virex para saltar la comprobación de ficheros de su elección. • http://osvdb.org/33798 http://secunia.com/advisories/24337 http://securityreason.com/securityalert/2342 http://www.securityfocus.com/archive/1/461485/100/0/threaded http://www.securityfocus.com/bid/22744 http://www.securitytracker.com/id?1017707 http://www.vupen.com/english/advisories/2007/0777 https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=518722&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=518722 •

CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 3

VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands. VShieldCheck en McAfee VirusScan para Mac (Virex) anterior a 7.7 patch 1 permite a usuarios locales cambiar los permisos de archivos de su elección mediante un ataque de enlace simbólico en /Library/Application Support/Virex/VShieldExclude.txt, como ha sido demostrado enlazando simbólicamente al archivo crontab del usuario root para ejecutar comandos de su elección. • https://www.exploit-db.com/exploits/3386 http://osvdb.org/33797 http://secunia.com/advisories/24337 http://securityreason.com/securityalert/2342 http://www.securityfocus.com/archive/1/461485/100/0/threaded http://www.securityfocus.com/bid/22744 http://www.securitytracker.com/id?1017707 http://www.vupen.com/english/advisories/2007/0777 https://exchange.xforce.ibmcloud.com/vulnerabilities/32729 https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=518722&sliceId=SAL_Public&command&# • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circumstances, might not activate when malicious content is accessed from the web browser, and might not prevent the content from being saved, which allows remote attackers to bypass virus protection, as demonstrated using the EICAR test file. • http://www.securityfocus.com/archive/1/426348/100/0/threaded •