Strike ID:
E12-7jb01
CVSS:
8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)
False Positive:
t
Variants:
3
Year:
2012

Description

This strike exploits a vulnerable ActiveX control in McAfee Virtual Technician. The Save method allows for creation or overwriting of arbitrary files, including important system files. Successful exploitation could result in creation or overwriting of arbitrary files with privileges of the currently logged in user. Overwriting of system files could result in a denial of service condition.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{91700}