Vulnerabilities > CVE-2000-1128 - Unspecified vulnerability in Mcafee Virusscan 4.5

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

mcafee

NVD

Published: 2001-01-09

Updated: 2008-09-05

Summary

The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory.

Vulnerable Configurations

Part	Description	Count
Application	Mcafee Mcafee Virusscan 4.5	1

References

http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0073.html
http://www.securityfocus.com/bid/1920