Vulnerabilities > CVE-2000-0650 - Unspecified vulnerability in Network Associates Netshield and Virusscan

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

network-associates

NVD

Published: 2000-07-11

Updated: 2017-10-10

Summary

The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.

Vulnerable Configurations

Part	Description	Count
Application	Network_Associates Network Associates Netshield 4.5 Network Associates Virusscan 4.5	2

References

http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=2753
http://www.osvdb.org/1458
http://www.osvdb.org/4200
http://www.securityfocus.com/bid/1458
https://exchange.xforce.ibmcloud.com/vulnerabilities/5177