McAfee Virtual Technician is a free automated diagnosis and and problem resolution tool which scans a Windows system to ensure that McAfee products are installed correctly.
McAfee Virtual Technician ActiveX control (
MVT.dll), as provided in McAfee Virtual Technician 220.127.116.111 (and perhaps other versions), is vulnerable to remote code execution caused by an insecure
Contact the vendor to determine when the product has been patched. In the interim, the
MVT.MVTControl ActiveX control in
MVT.dll can be disabled by following Microsoft's instructions at <http://support.microsoft.com/kb/240797> to disable
This exploit has been tested against McAfee Virtual Technician 18.104.22.1681 on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).
The exploit page must be opened using Internet Explorer 8 or 9 on the target.