CVE-2012-5879

Severity

82%

Complexity

68%

Confidentiality

158%

An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method.

An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method.

CVSS 2.0 Base Score 8.2. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:C/I:C/A:P).

Overview

First reported 11 years ago

2013-03-28 23:55:00

Last updated 11 years ago

2013-03-29 14:18:00

Affected Software

McAfee Virtual Technician (MVT) 6.3.0.1911

6.3.0.1911

ePO McAfee Virtual Technician (MVT) 1.0

1.0

ePO McAfee Virtual Technician (MVT) 1.0.4.0

1.0.4.0

ePO McAfee Virtual Technician (MVT) 1.0.7

1.0.7

ePO McAfee Virtual Technician (MVT) 1.0.8

1.0.8

ePO McAfee Virtual Technician (MVT) 1.0.9

1.0.9

References

20130327 McAfee Virtual Technician ActiveX Control Insecure Method

Exploit

91700

58750

Exploit

1028357

https://kc.mcafee.com/corporate/index?page=content&id=SB10040

https://www.htbridge.com/advisory/HTB23128

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.