CVE-2000-0650
Summary
| CVE | CVE-2000-0650 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2000-07-11 04:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse. |
Risk And Classification
Primary CVSS: v2.0 2.1 from [email protected]
AV:L/AC:L/Au:N/C:N/I:P/A:N
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
LocalAccess Complexity
LowAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:L/AC:L/Au:N/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Network Associates | Netshield | 4.5 | All | All | All |
| Application | Network Associates | Virusscan | 4.5 | All | windows_nt | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.osvdb.org/1458 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| www.ntbugtraq.com/default.asp | af854a3a-2127-422b-91ae-364da2661108 | www.ntbugtraq.com | Patch, Vendor Advisory |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| www.osvdb.org/4200 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| NAI VirusScan/NetShield AutoUpgrade Executable Verification Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.