McAfee VirusScan 4.5 Unquoted ImagePath Vulnerability

Type symantec
Reporter Symantec Security Response
Modified 2000-11-03T00:00:00



The default installation of McAfee VirusScan does not enclose the service image path in quotes (e.g. ImagePath=C:\Program Files\Common Files\Network Associates\McShield\McShield.exe). Because the unquoted path contains spaces, a malicious user who inserts a hostile VB executable file named common.exe in C:\Program Files would have it run automatically upon startup of McShield.exe. The malicious user could then perform any action of their choice that can be successfully deployed through a VB file. This includes privilege escalation, addition and removal of users, file modification, implanting of trojans and viruses, etc.

Technologies Affected

  • McAfee VirusScan 4.5.0

McAfee has released Service Pack 1 for VirusScan which eliminates this vulnerability.
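
The path ambiguity described in this advisory can be checked for any service. The following Python sketch is an added example, not part of the original advisory or of any McAfee tool. It lists the executables Windows would try before the intended one when an ImagePath is unquoted. The service names in the sample data are constructed, and treating the first ".exe" as the end of the executable path is an assumption of this example.

```python
def hijack_candidates(image_path):
    """Return the executables Windows would try before the intended one
    for an unquoted ImagePath; [] if quoted or no space in the path."""
    value = image_path.strip()
    if value.startswith('"'):
        return []  # quoted: the path is taken literally
    # Heuristic (assumption of this example): the executable path ends at
    # the first ".exe"; anything after it is treated as arguments.
    end = value.lower().find(".exe")
    exe = value[:end + 4] if end != -1 else value
    # Each space is a point where the path can be cut and ".exe" appended.
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def audit(services):
    """Map service name -> candidate paths for ambiguous ImagePath values."""
    findings = {}
    for name, image_path in services.items():
        candidates = hijack_candidates(image_path)
        if candidates:
            findings[name] = candidates
    return findings


# The path is the one quoted in the advisory; service names are constructed.
MCSHIELD = r"C:\Program Files\Common Files\Network Associates\McShield\McShield.exe"
SAMPLE_SERVICES = {
    "ExampleUnquoted": MCSHIELD,
    "ExampleQuoted": '"' + MCSHIELD + '"',
    "ExampleNoSpaces": r"C:\Windows\system32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, paths in audit(SAMPLE_SERVICES).items():
        print(name)
        for p in paths:
            print("  would be tried first:", p)
```

On a live system the input would be the ImagePath values under HKLM\SYSTEM\CurrentControlSet\Services, and any service reported should have its ImagePath enclosed in quotes.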