Vulnerabilities > CVE-2012-4598 - Unspecified vulnerability in Mcafee products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Exploit-Db
description McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX GetObject() Exploit. CVE-2012-4598. Remote exploit for windows platform id EDB-ID:18805 last seen 2016-02-02 modified 2012-04-30 published 2012-04-30 reporter rgod source https://www.exploit-db.com/download/18805/ title McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX GetObject Exploit description McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability. CVE-2012-4598. Remote exploit for windows platform id EDB-ID:18812 last seen 2016-02-02 modified 2012-05-01 published 2012-05-01 reporter metasploit source https://www.exploit-db.com/download/18812/ title McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
Metasploit
description | This module exploits a vulnerability found in McAfee Virtual Technician's MVTControl. This ActiveX control can be abused by using the GetObject() function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the context of the user. |
id | MSF:EXPLOIT/WINDOWS/BROWSER/MCAFEE_MVT_EXEC |
last seen | 2020-06-10 |
modified | 2017-10-05 |
published | 2012-04-30 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/mcafee_mvt_exec.rb |
title | McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability |
Nessus
NASL family | Windows |
NASL id | MCAFEE_VIRTUAL_TECHNICIAN_ACTIVEX.NASL |
description | The remote Windows host has a version of the McAfee Virtual Technician / ePolicy Orchestrator ActiveX control that allows execution of arbitrary code. The |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 61719 |
published | 2012-08-29 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/61719 |
title | McAfee Virtual Technician ActiveX Control GetObject() Method Remote Command Execution (SB10028) |
code |
|