Signature Detail
Short Name |
HTTP:STC:ACTIVEX:MCFEE-MCINSCTL |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
McAfee Security Center MCINSCTL.DLL ActiveX |
Release Date |
2011/06/30 |
Update Number |
1948 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: McAfee Security Center MCINSCTL.DLL ActiveX
This signature detects attempts to use unsafe ActiveX controls in McAfee Security Center. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
McAfee VirusScan Security Center is prone to an arbitrary file overwrite vulnerability. Attackers are able to create and modify arbitrary files. Successful exploitation can lead to various attacks including potential arbitrary code execution and remote unauthorized access.
Affected Products
- McAfee VirusScan 4.0.0
- McAfee VirusScan 4.0.3
- McAfee VirusScan 4.5.0
- McAfee VirusScan 4.5.1
- McAfee VirusScan 5.0.0
- McAfee VirusScan 6.0.0
- McAfee VirusScan 7.0.0
- McAfee VirusScan 7.1.0
- McAfee VirusScan 8.0.0
- McAfee VirusScan 9.0.0
References
- BugTraq: 15986
- CVE: CVE-2005-3657