Lucene search

[email protected]CVE-1999-1555

HistoryJun 11, 1998 - 4:00 a.m.

CVE-1999-1555

1998-06-1104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-1999-1555

inoculan 4.0

vulnerability

trojan horse

anti-virus server

local users

7 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service Pack 2 creates an update directory with “EVERYONE FULL CONTROL” permissions, which allows local users to cause Inoculan’s antivirus update feature to install a Trojan horse dll.

CPENameOperatorVersion
cheyenne:inoculan_anti-virus_servercheyenne inoculan anti-virus serverle4.0

CPE	Name	Operator	Version
cheyenne:inoculan_anti-virus_server	cheyenne inoculan anti-virus server	le	4.0

References

www.securityfocus.com/archive/1/9515

www.securityfocus.com/bid/106

exchange.xforce.ibmcloud.com/vulnerabilities/1536

7 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON