Vulnerabilities > CVE-2004-2635 - Information Disclosure vulnerability in Mcafee Security Installer Control System 4.0.0.81

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

mcafee

NVD

Published: 2004-12-31

Updated: 2017-07-20

Summary

An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method.

Vulnerable Configurations

Part	Description	Count
Application	Mcafee Mcafee Security Installer Control System 4.0.0.81	1

References

http://archives.neohapsis.com/archives/ntbugtraq/2004-q2/0026.html
http://secunia.com/advisories/11493
http://www.osvdb.org/5713
http://www.securityfocus.com/bid/10236
http://www.securitytracker.com/alerts/2004/Apr/1009956.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/15994