Vulnerabilities > CVE-2005-4505 - Local Privilege Escalation vulnerability in McAfee VirusScan Path Specification
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | McAfee VirusScan 8.0 Path Specification Local Privilege Escalation Vulnerability. CVE-2005-4505. Local exploit for windows platform |
| id | EDB-ID:26970 |
| last seen | 2016-02-03 |
| modified | 2005-12-22 |
| published | 2005-12-22 |
| reporter | Reed Arvin |
| source | https://www.exploit-db.com/download/26970/ |
| title | McAfee VirusScan 8.0 - Path Specification Local Privilege Escalation Vulnerability |
References
- http://reedarvin.thearvins.com/20051222-01.html
- http://securityreason.com/securityalert/292
- http://securitytracker.com/id?1015404
- http://www.securityfocus.com/archive/1/420104/100/0/threaded
- http://www.securityfocus.com/bid/16040
- http://www.vupen.com/english/advisories/2005/3077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23815