Mcafee_FreeScan_Information_Disclosure_attack

Two vulnerabilities exist in a component of the McAfee's FreeScan service. An information disclosure vulnerability exists that may allow remote attackers to gain file-system information and can be used to obtain the user-name being used. A second vulnerability allows attackers to cause applications executing VBScript or Javascript to terminate. Only systems that have used McAfee's online virus scanning tool FreeScan are susceptible to attack. After triggering of the information disclosure vulnerability, file-system paths of the victim's computer may be transmitted to a malicious host through an HTTP GET or POST request or by some other means. After triggering of the application termination vulnerability, the process executing the malicious script on the victim's host will terminate. This will often be Internet Explorer in the case that the malicious script is embedded in a web page.