McAfee VirusScan Improper ImagePath Quoting

2000-11-03T10:15:24
ID OSVDB:6289
Type osvdb
Reporter Richard Fry (RichardFry@halifax.co.uk)
Modified 2000-11-03T10:15:24

Description

Vulnerability Description

McAfee VirusScan contains a flaw that may allow a malicious user to execute arbitrary code. The problem is that the default configuration of McAfee VirusScan does not quote the ImagePath variable, which improperly sets the search path. It is possible that the flaw may allow a malicious user to place an arbitrary file called "command.exe" in the "C:\Program Files" directory, which could be executed with Local System privileges when the computer is rebooted, resulting in a loss of integrity.
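The following audit check is an added example, not part of the original advisory: it flags service ImagePath values that are unquoted and contain a space in the executable path, and lists the locations Windows would resolve before the intended binary so their directory permissions can be reviewed. The service names and paths are constructed, and treating the first ".exe" as the end of the binary path is a heuristic assumption.

```python
import re

# Assumption (heuristic): the intended binary ends at the first ".exe"
# followed by whitespace or end of string; the rest is arguments.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def _split(image_path):
    value = image_path.strip()
    m = _EXE_END.search(value)
    # No ".exe" found: treat the whole value as the path (may over-report).
    return (value[:m.end()], value[m.end():]) if m else (value, "")

def paths_tried_first(image_path):
    """Paths Windows resolves before the intended binary; [] if none."""
    exe, _ = _split(image_path)
    if exe.startswith('"'):
        return []              # quoted: parsed as a single path
    parts = exe.split(" ")
    found = []
    for i in range(1, len(parts)):
        prefix = " ".join(parts[:i]).rstrip()
        if not prefix:
            continue
        leaf = prefix.rsplit("\\", 1)[-1]
        if "." not in leaf:
            prefix += ".exe"   # CreateProcess appends .exe when no extension
        if prefix not in found:
            found.append(prefix)
    return found

def quoted_form(image_path):
    """Return the ImagePath with the executable portion quoted."""
    exe, rest = _split(image_path)
    return image_path if exe.startswith('"') else f'"{exe}"{rest}'

def audit(services):
    """Map service name -> earlier-resolved paths, for flagged values only."""
    hits = {name: paths_tried_first(v) for name, v in services.items()}
    return {name: paths for name, paths in hits.items() if paths}

# Constructed sample values, not taken from any real product.
SAMPLE = {
    "ExampleScanner": r"C:\Program Files\Example Vendor\Scanner\svc.exe /service",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\Agent\agent.exe" -k',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, paths in audit(SAMPLE).items():
        print(name, paths, "->", quoted_form(SAMPLE[name]))
```

On a live host the values to check are the ImagePath entries under HKLM\SYSTEM\CurrentControlSet\Services\<service name>.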

Solution Description

Upgrade to version 4.5 Service Pack 1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.networkassociates.com/us/products/mcafee/end_of_life.htm
Mail List Post: http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0011&L=ntbugtraq&F=&S=&P=2187
ISS X-Force ID: 5484
CVE-2000-1128
Bugtraq ID: 1920