Lucene search

[email protected]CVE-2005-3657

HistoryDec 21, 2005 - 11:03 a.m.

CVE-2005-3657

2005-12-2111:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-3657

activex control

mcinsctl.dll

mcafee virusscan

security center

iobjectsafetysitelock api

remote attackers

arbitrary files

startlog

addlog

mcinstall.mclog object

nvd

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.418 Medium

EPSS

Percentile

97.3%

JSON

The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object.

CPENameOperatorVersion
mcafee:virusscan_security_centermcafee virusscan security centereq4.5
mcafee:virusscan_security_centermcafee virusscan security centereq7.0
mcafee:virusscan_security_centermcafee virusscan security centereq9.0
mcafee:virusscan_security_centermcafee virusscan security centereq7.1
mcafee:virusscan_security_centermcafee virusscan security centereq*
mcafee:virusscan_security_centermcafee virusscan security centereq4.0
mcafee:virusscan_security_centermcafee virusscan security centereq6.0
mcafee:virusscan_security_centermcafee virusscan security centereq4.0.3
mcafee:mcinsctl.dllmcafee mcinsctl.dlleq4.0.0.83
mcafee:virusscan_security_centermcafee virusscan security centereq4.5.1

CPE	Name	Operator	Version
mcafee:virusscan_security_center	mcafee virusscan security center	eq	4.5
mcafee:virusscan_security_center	mcafee virusscan security center	eq	7.0
mcafee:virusscan_security_center	mcafee virusscan security center	eq	9.0
mcafee:virusscan_security_center	mcafee virusscan security center	eq	7.1
mcafee:virusscan_security_center	mcafee virusscan security center	eq	*
mcafee:virusscan_security_center	mcafee virusscan security center	eq	4.0
mcafee:virusscan_security_center	mcafee virusscan security center	eq	6.0
mcafee:virusscan_security_center	mcafee virusscan security center	eq	4.0.3
mcafee:mcinsctl.dll	mcafee mcinsctl.dll	eq	4.0.0.83
mcafee:virusscan_security_center	mcafee virusscan security center	eq	4.5.1

Rows per page:

1-10 of 121

References

secunia.com/advisories/18169

securityreason.com/securityalert/279

securitytracker.com/id?1015390

www.idefense.com/intelligence/vulnerabilities/display.php?id=358

www.securityfocus.com/bid/15986

www.vupen.com/english/advisories/2005/3006

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.418 Medium

EPSS

Percentile

97.3%

JSON

Related for CVE-2005-3657

checkpoint_advisories2 securityvulns1