ID CVE-2007-1538 Type cve Reporter cve@mitre.org Modified 2018-10-16T16:39:00
Description
DISPUTED McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion. NOTE: this issue has been disputed by third-party researchers, stating that the default permissions for HKEY_LOCAL_MACHINE\SOFTWARE does not allow for write access and the product does not modify the inherited permissions. There might be an interaction error with another product.
{"id": "CVE-2007-1538", "bulletinFamily": "NVD", "title": "CVE-2007-1538", "description": "** DISPUTED ** McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\DesktopProtection or (2) HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\VirusScan Entreprise\\CurrentVersion. NOTE: this issue has been disputed by third-party researchers, stating that the default permissions for HKEY_LOCAL_MACHINE\\SOFTWARE does not allow for write access and the product does not modify the inherited permissions. There might be an interaction error with another product.", "published": "2007-03-20T22:19:00", "modified": "2018-10-16T16:39:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1538", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/archive/1/463074/100/0/threaded", "http://homepage.mac.com/adonismac/Advisory/crack_mcafee_password_protection.html", "http://homepage.mac.com/adonismac/Advisory/bypass_mcafee_entreprise_password.html", "http://www.securityfocus.com/archive/1/463187/100/0/threaded", "http://www.securityfocus.com/archive/1/463091/100/0/threaded", "http://www.osvdb.org/33800", "http://www.securitytracker.com/id?1017791"], "cvelist": ["CVE-2007-1538"], "type": "cve", "lastseen": "2019-05-29T18:08:59", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "663348b8a5200215ecf550923ab94d8a"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "29a5262fb0c358ba7b9b0a3ad5a3192b"}, {"key": "cpe23", "hash": "baf8329bc7ed8ffefec70836c8a05ab6"}, {"key": "cvelist", "hash": "c575a1b90a04a700e9fa8bb96c846225"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "7f7c77d2dde7216a66d00321bd5828f8"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "5cba4e3f93c888e901ce48664d920b15"}, {"key": "href", "hash": "2b47c20256105270c2520f1eb028eb14"}, {"key": "modified", "hash": "e56c0b3fb022cc774ec9c3d27cc7d68f"}, {"key": "published", "hash": "42d474e5cb2e680bc6580fe3f528d4ce"}, {"key": "references", "hash": "23a071645f20ae42ceebe879d3f4639e"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "f1951b4e5e650c326df1ba3c1ebc7410"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "b2fffaab3535dc5774cbc78e453c843c28a6b941233b6ed96251bfa310624b8e", "viewCount": 0, "enchantments": {"score": {"value": 5.2, "vector": "NONE", "modified": "2019-05-29T18:08:59"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:33800"]}], "modified": "2019-05-29T18:08:59"}, "vulnersScore": 5.2}, "objectVersion": "1.3", "cpe": ["cpe:/a:mcafee:virusscan_enterprise:8.5i"], "affectedSoftware": [{"name": "mcafee virusscan_enterprise", "operator": "eq", "version": "8.5i"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:mcafee:virusscan_enterprise:8.5i:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Vulnerability Description\nMcAfee VirusScan Enterprise has been reported to contain a privilege escalation flaw that may allow a local user to gain access to the password protected virusscan console. The issue is triggered when the UIP value is cleared in the Windows registry under HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\DesktopProtection or HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\VirusScan Entreprise\\CurrentVersion.\n\nAdditional third-party examination indicates this is not an issue due to the security settings on the registry keys by default are not writable with only user permissions.\n## Solution Description\nThe vulnerability reported is incorrect. No solution required.\n## Short Description\nMcAfee VirusScan Enterprise has been reported to contain a privilege escalation flaw that may allow a local user to gain access to the password protected virusscan console. The issue is triggered when the UIP value is cleared in the Windows registry under HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\DesktopProtection or HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\VirusScan Entreprise\\CurrentVersion.\n\nAdditional third-party examination indicates this is not an issue due to the security settings on the registry keys by default are not writable with only user permissions.\n## References:\nSecurity Tracker: 1017791\nOther Advisory URL: http://homepage.mac.com/adonismac/Advisory/crack_mcafee_password_protection.html\nOther Advisory URL: http://homepage.mac.com/adonismac/Advisory/bypass_mcafee_entreprise_password.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0235.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0242.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0252.html\n[CVE-2007-1538](https://vulners.com/cve/CVE-2007-1538)\n", "modified": "2007-03-17T10:32:46", "published": "2007-03-17T10:32:46", "href": "https://vulners.com/osvdb/OSVDB:33800", "id": "OSVDB:33800", "title": "McAfee VirusScan Enterprise Registry Permission Weakness UIP Local Password Bypass", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}