Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.902562
Category:General
Title:McAfee SaaS Endpoint Protection ActiveX Controls Multiple Code Execution Vulnerabilities
Summary:This host is installed with McAfee SaaS Endpoint Protection and is; prone to multiple code execution vulnerabilities.
Description:Summary:
This host is installed with McAfee SaaS Endpoint Protection and is
prone to multiple code execution vulnerabilities.

Vulnerability Insight:
- An error within the MyASUtil ActiveX control (MyAsUtil5.2.0.603.dll) when
processing the 'CreateSecureObject()' method can be exploited to inject
and execute arbitrary commands.

- The insecure 'Start()' method within the MyCioScan ActiveX control
(myCIOScn.dll) can be exploited to write to arbitrary files in the context
of the currently logged-on user.

Vulnerability Impact:
Successful exploitation could allow attackers to execute arbitrary code in
the context of the application running the ActiveX control.

Affected Software/OS:
McAfee SaaS Endpoint Protection version 5.2.1 and prior.

Solution:
Upgrade to McAfee SaaS Endpoint Protection version 5.2.2 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 49087
Common Vulnerability Exposure (CVE) ID: CVE-2011-3006
http://dvlabs.tippingpoint.com/advisory/TPTI-11-12
http://osvdb.org/74512
XForce ISS Database: mcafee-saas-myasutil520603-code-execution(69094)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69094
Common Vulnerability Exposure (CVE) ID: CVE-2011-3007
http://dvlabs.tippingpoint.com/advisory/TPTI-11-13
http://osvdb.org/74513
XForce ISS Database: mcafee-saas-mycioscn-code-execution(69093)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69093
CopyrightCopyright (C) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.