19 matches found
CVE-2012-5879
An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician MVT and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method...
CVE-2012-4598
An unspecified ActiveX control in McAfee Virtual Technician MVT before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service Internet Explorer crash via a crafted web site...
McAfee Virtual Technician ActiveX 控件'Save()'方法文件覆盖漏洞
BUGTRAQ ID: 58750 CVECAN ID: CVE-2012-5879 McAfee Virtual Technician是分析诊断工具。 McAfee Virtual Technician 6.5.0.2101及其他版本的ActiveX控件存在安全漏洞可导致攻击者覆盖或创建受影响应用上下文内的任意文件。该安全漏洞存在于"McHealthCheck.dll"的"Save"方法。 0 McAfee Virtual Technician 6.5.0.2101 厂商补丁: McAfee ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Design/Logic Flaw
An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician MVT and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method...
CVE-2012-5879
Summary: CVE-2012-5879 affects McAfee Virtual Technician (MVT) and ePO-MVT prior to remediation, via the ActiveX control in McHealthCheck.dll. The insecure Save() method on McHealthCheck.dll can cause remote attackers to modify or create arbitrary files using a full pathname argument, potentially...
CVE-2012-5879
An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician MVT and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method...
McAfee Virtual Technician ActiveX Control Insecure Method Code Execution (CVE-2012-4598)
A remote code execution vulnerability has been reported in McAfee Virtual Technician. The vulnerability is due to a design weakness in a certain method, which allows instantiation of an arbitrary object on the vulnerable system. A remote attacker can exploit this vulnerability by enticing a targe...
McAfee Virtual Technician ActiveX Control GetObject() Method Remote Command Execution (SB10028)
The remote Windows host has a version of the McAfee Virtual Technician / ePolicy Orchestrator ActiveX control that allows execution of arbitrary code. The 'GetObject' method can be used to load any class on the underlying operating system. For example, by loading the 'WScript.Shell' class,...
Code injection
An unspecified ActiveX control in McAfee Virtual Technician MVT before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service Internet Explorer crash via a crafted web site...
McAfee Virtual Technician MVT.MVTControl ActiveX Control Insecure Method
Added: 05/04/2012 BID: 53304 Background McAfee Virtual Technician is a free automated diagnosis and and problem resolution tool which scans a Windows system to ensure that McAfee products are installed correctly. Problem McAfee Virtual Technician ActiveX control MVT.dll, as provided in McAfee...
McAfee Virtual Technician MVT.MVTControl ActiveX Control Insecure Method
Added: 05/04/2012 BID: 53304 Background McAfee Virtual Technician is a free automated diagnosis and and problem resolution tool which scans a Windows system to ensure that McAfee products are installed correctly. Problem McAfee Virtual Technician ActiveX control MVT.dll, as provided in McAfee...
McAfee Virtual Technician MVT.MVTControl ActiveX Control Insecure Method
Added: 05/04/2012 BID: 53304 Background McAfee Virtual Technician is a free automated diagnosis and and problem resolution tool which scans a Windows system to ensure that McAfee products are installed correctly. Problem McAfee Virtual Technician ActiveX control MVT.dll, as provided in McAfee...
McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "McAfee Virtual...
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject() Security Bypass Remote Code Execution Vulnerability
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject Security Bypass Remote Code Execution Vulnerability tested against: Microsoft Windows Vista sp2 Microsoft Windows 2003 r2 sp2 Internet Explorer 7/8/9 product homepage:...
McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
This module exploits a vulnerability found in McAfee Virtual Technician's MVTControl. This ActiveX control can be abused by using the GetObject function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the context of the user. This module...
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 Code Execution
Exploit for windows platform in category remote exploits McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject Security Bypass Remote Code Execution Vulnerability tested against: Microsoft Windows Vista sp2 Microsoft Windows 2003 r2 sp2 Internet Explorer 7/8/9 product...
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX GetObject() Code Execution
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX GetObject Code Execution McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject Security Bypass Remote Code Execution Vulnerability tested against: Microsoft Windows Vista sp2 Microsoft Windows 2003 r2...
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX 'GetObject()' Code Execution
McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject Security Bypass Remote Code Execution Vulnerability tested against: Microsoft Windows Vista sp2 Microsoft Windows 2003 r2 sp2 Internet Explorer 7/8/9 product homepage:...