CVE-2000-0650
Summary
| CVE | CVE-2000-0650 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2000-07-11 04:00:00 UTC |
| Updated | 2017-10-10 01:29:00 UTC |
| Description | The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Network Associates | Netshield | 4.5 | All | All | All |
| Application | Network Associates | Netshield | 4.5 | All | All | All |
| Application | Network Associates | Virusscan | 4.5 | All | windows_nt | All |
| Application | Network Associates | Virusscan | 4.5 | All | windows_nt | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| NAI VirusScan/NetShield AutoUpgrade Executable Verification Vulnerability | BID | www.securityfocus.com | Patch, Vendor Advisory |
| 20000711 Potential Vulnerability in McAfee Netshield and VirusScan 4.5 | NTBUGTRAQ | www.ntbugtraq.com | Patch, Vendor Advisory |
| 1458 | OSVDB | www.osvdb.org | |
| 4200 | OSVDB | www.osvdb.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.