McAfee Security-as-a-Service (SaaS) mcCIOScn.dll ShowReport Method Remote Command Execution

The myCIOScn.dll ActiveX control, installed on the remote Windows host as part of McAfee Security-as-a-Service SaaS / Total Protection Service, reportedly does not require authentication before executing arbitrary commands passed to its 'ShowReport' method. If an attacker can trick a user on the...

McAfee SaaS MyCioScan ShowReport Remote Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

McAfee SaaS MyCioScan ShowReport Remote Command Execution

This module exploits a vulnerability found in McAfee Security-as-a-Service. The ShowReport function located in the myCIOScn.dll ActiveX component fails to check the FileName argument, and passes it on to a ShellExecuteW function, therefore allows any malicious attacker to execute any process that...

McAfee SaaS MyCioScan ShowReport - Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "McAfee SaaS...

McAfee SaaS MyCioScan ShowReport Remote Command Execution

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...