ID CVE-2007-1538 Type cve Reporter NVD Modified 2008-09-05T17:20:45
Description
DISPUTED McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion. NOTE: this issue has been disputed by third-party researchers, stating that the default permissions for HKEY_LOCAL_MACHINE\SOFTWARE does not allow for write access and the product does not modify the inherited permissions. There might be an interaction error with another product.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1538", "history": [], "references": ["http://www.securityfocus.com/archive/1/archive/1/463091/100/0/threaded", "http://www.securityfocus.com/archive/1/archive/1/463187/100/0/threaded", "http://homepage.mac.com/adonismac/Advisory/crack_mcafee_password_protection.html", "http://homepage.mac.com/adonismac/Advisory/bypass_mcafee_entreprise_password.html", "http://www.securityfocus.com/archive/1/archive/1/463074/100/0/threaded", "http://www.securitytracker.com/id?1017791"], "lastseen": "2016-09-03T08:36:30", "bulletinFamily": "NVD", "title": "CVE-2007-1538", "cpe": ["cpe:/a:mcafee:virusscan_enterprise:8.5i"], "viewCount": 0, "id": "CVE-2007-1538", "hash": "dd1d5c4b0d8639688971bb1b045bdbb91ae197facdb33fbc2a9a6e407cf96c10", "description": "** DISPUTED ** McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\DesktopProtection or (2) HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\VirusScan Entreprise\\CurrentVersion. NOTE: this issue has been disputed by third-party researchers, stating that the default permissions for HKEY_LOCAL_MACHINE\\SOFTWARE does not allow for write access and the product does not modify the inherited permissions. There might be an interaction error with another product.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2007-1538"], "scanner": [], "modified": "2008-09-05T17:20:45", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2007-03-20T18:19:00", "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2016-09-03T08:36:30"}, "vulnersScore": 7.2}}
{"osvdb": [{"lastseen": "2017-04-28T13:20:30", "references": [], "description": "## Vulnerability Description\nMcAfee VirusScan Enterprise has been reported to contain a privilege escalation flaw that may allow a local user to gain access to the password protected virusscan console. The issue is triggered when the UIP value is cleared in the Windows registry under HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\DesktopProtection or HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\VirusScan Entreprise\\CurrentVersion.\n\nAdditional third-party examination indicates this is not an issue due to the security settings on the registry keys by default are not writable with only user permissions.\n## Solution Description\nThe vulnerability reported is incorrect. No solution required.\n## Short Description\nMcAfee VirusScan Enterprise has been reported to contain a privilege escalation flaw that may allow a local user to gain access to the password protected virusscan console. The issue is triggered when the UIP value is cleared in the Windows registry under HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\DesktopProtection or HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\VirusScan Entreprise\\CurrentVersion.\n\nAdditional third-party examination indicates this is not an issue due to the security settings on the registry keys by default are not writable with only user permissions.\n## References:\nSecurity Tracker: 1017791\nOther Advisory URL: http://homepage.mac.com/adonismac/Advisory/crack_mcafee_password_protection.html\nOther Advisory URL: http://homepage.mac.com/adonismac/Advisory/bypass_mcafee_entreprise_password.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0235.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0242.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0252.html\n[CVE-2007-1538](https://vulners.com/cve/CVE-2007-1538)\n", "edition": 1, "reporter": "thesinoda()", "published": "2007-03-17T10:32:46", "title": "McAfee VirusScan Enterprise Registry Permission Weakness UIP Local Password Bypass", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-1538"], "modified": "2007-03-17T10:32:46", "href": "https://vulners.com/osvdb/OSVDB:33800", "id": "OSVDB:33800", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
