CVE-2012-5879

An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician MVT and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method...

CVE-2012-4598

An unspecified ActiveX control in McAfee Virtual Technician MVT before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service Internet Explorer crash via a crafted web site...

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX GetObject() Exploit

No description provided by source...

McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method

No description provided by source...

McAfee Virtual Technician ActiveX Control Insecure Method Exposure (CVE-2012-5879)

An insecure method exposure vulnerability has been reported in McAfee Virtual Technician...

McAfee Virtual Technician McHealthCheck.dll ActiveX Control Save() Method Arbitrary File Overwrite (SB10040)

The remote Windows host has a version of the McAfee Virtual Technician / ePolicy Orchestrator McHealthCheck.dll ActiveX control that allows arbitrary files to be corrupted / overwritten due to a flaw in the Save method. If an attacker can trick a user on the affected host into viewing a specially...

McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method

McAfee Virtual Technician MVT 6.5.0.2101 - Insecure ActiveX Method Advisory ID: HTB23128 Product: McAfee Virtual Technician MVT 6.5.0.2101 Vendor: McAfee Vulnerable Versions: 6.5.0.2101 and probably prior Tested Version: 6.5.0.2101 on Windows 7 SP1 and Internet Explorer 9 Vendor Notification:...

McAfee Virtual Technician ActiveX 控件'Save()'方法文件覆盖漏洞

BUGTRAQ ID: 58750 CVECAN ID: CVE-2012-5879 McAfee Virtual Technician是分析诊断工具。 McAfee Virtual Technician 6.5.0.2101及其他版本的ActiveX控件存在安全漏洞可导致攻击者覆盖或创建受影响应用上下文内的任意文件。该安全漏洞存在于"McHealthCheck.dll"的"Save"方法。 0 McAfee Virtual Technician 6.5.0.2101 厂商补丁： McAfee ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

CVE-2012-5879

An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician MVT and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method...

Design/Logic Flaw

An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician MVT and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method...

CVE-2012-5879

Summary: CVE-2012-5879 affects McAfee Virtual Technician (MVT) and ePO-MVT prior to remediation, via the ActiveX control in McHealthCheck.dll. The insecure Save() method on McHealthCheck.dll can cause remote attackers to modify or create arbitrary files using a full pathname argument, potentially...

CVE-2012-5879

An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician MVT and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method...

McAfee Virtual Technician (MVT) 6.5.0.2101 Unsafe Active-X

Advisory ID: HTB23128 Product: McAfee Virtual Technician MVT 6.5.0.2101 Vendor: McAfee Vulnerable Versions: 6.5.0.2101 and probably prior Tested Version: 6.5.0.2101 on Windows 7 SP1 and Internet Explorer 9 Vendor Notification: November 19, 2012 Vendor Patch: March 15, 2013 Public Disclosure: Marc...

McAfee Virtual Technician ActiveX Control Insecure Method

High-Tech Bridge Security Research Lab discovered vulnerability in McAfee Virtual Technician ActiveX control, which can be exploited by remote malicious person to overwrite arbitrary files with garbage data on a vulnerable system. 1 Insecure method in McAfee Virtual Technician ActiveX control:...

McAfee Virtual Technician ActiveX Control Insecure Method Code Execution (CVE-2012-4598)

A remote code execution vulnerability has been reported in McAfee Virtual Technician. The vulnerability is due to a design weakness in a certain method, which allows instantiation of an arbitrary object on the vulnerable system. A remote attacker can exploit this vulnerability by enticing a targe...

McAfee Virtual Technician ActiveX Control GetObject() Method Remote Command Execution (SB10028)

The remote Windows host has a version of the McAfee Virtual Technician / ePolicy Orchestrator ActiveX control that allows execution of arbitrary code. The 'GetObject' method can be used to load any class on the underlying operating system. For example, by loading the 'WScript.Shell' class,...

CVE-2012-4598

An unspecified ActiveX control in McAfee Virtual Technician MVT before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service Internet Explorer crash via a crafted web site...

Code injection

An unspecified ActiveX control in McAfee Virtual Technician MVT before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service Internet Explorer crash via a crafted web site...

CVE-2012-4598

The CVE-2012-4598 issue affects McAfee Virtual Technician (MVT) ActiveX control (MVTControl) prior to version 6.4 and related ePO-MVT components. The vulnerability arises from an unspecified ActiveX control that can be abused via a crafted web page to execute arbitrary code or cause a denial of s...