Vulnerabilities > CVE-2005-3657 - Unspecified vulnerability in Mcafee Mcinsctl.Dll and Virusscan Security Center

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

mcafee

NVD

Published: 2005-12-21

Updated: 2011-03-08

Summary

The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object.

Vulnerable Configurations

Part	Description	Count
Application	Mcafee Mcafee Mcinsctl.Dll 4.0.0.83 Mcafee Virusscan Security Center * Mcafee Virusscan Security Center 4.0 Mcafee Virusscan Security Center 4.0.3 Mcafee Virusscan Security Center 4.5 Mcafee Virusscan Security Center 4.5.1 Mcafee Virusscan Security Center 5.0 Mcafee Virusscan Security Center 6.0 Mcafee Virusscan Security Center 7.0 Mcafee Virusscan Security Center 7.1 Mcafee Virusscan Security Center 8.0 Mcafee Virusscan Security Center 9.0	12

Summary

Vulnerable Configurations

References