The default installation of McAfee VirusScan excludes quotes around the image path (eg. ImagePath=C:\Program Files\Common Files\Network Associates\McShield\McShield.exe). Therefore, if a malicious user were to insert a hostile VB executable file named common.exe in C:\Program Files, it would automatically run upon startup of McShield.exe. The malicious user could perform the action of their choice given that it could be successfully deployed through a VB file. This includes privilege escalation, addition and removal of users, file modification, implanting of trojans and viruses, etc.
McAfee has released Service Pack 1 for VirusScan which eliminates this vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
mcafee virusscan | eq | 4.5.0 |