McAfee_Security_Center_MCINSCTL_DLL_ActiveX_Control_File_Overwrite_attack

A vulnerability exists in the McAfee Security Center product. The flaw is caused by a lack of implementation of domain-based access restrictions on the McLog ActiveX control provided by the affected product. A remote attacker may exploit this vulnerability via a specially crafted Web page to write arbitrary files on the target system. After successfully exploiting this vulnerability, a file on the target file system might be created, modified, or overwritten. An attacker may write a file to a startup folder in order to execute arbitrary code during the next reboot or logon session or overwrite credential files on the system in order to gain access to the system. Thus, the behavior of the target depends on the intention of the attacker.