McAfee Security-as-a-Service ActiveX Control Remote Command Execution Vulnerability
BID:51397
Info
McAfee Security-as-a-Service ActiveX Control Remote Command Execution Vulnerability
| Bugtraq ID: | 51397 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 12 2012 12:00AM |
| Updated: | Jan 17 2012 05:00PM |
| Credit: | Andrea Micalizzi A.K.A rgod |
| Vulnerable: |
McAfee Security-as-a-Service 0 |
| Not Vulnerable: | |
Discussion
McAfee Security-as-a-Service ActiveX Control Remote Command Execution Vulnerability
McAfee Security-as-a-Service is prone to a remote command-execution vulnerability.
An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage.
Successful exploits will allow the attacker to execute arbitrary commands within the context of the application that uses the ActiveX control (typically Internet Explorer).
McAfee Security-as-a-Service is prone to a remote command-execution vulnerability.
An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage.
Successful exploits will allow the attacker to execute arbitrary commands within the context of the application that uses the ActiveX control (typically Internet Explorer).
Exploit / POC
McAfee Security-as-a-Service ActiveX Control Remote Command Execution Vulnerability
The following exploit is available:[email protected]
The following exploit is available:[email protected]
Solution / Fix
McAfee Security-as-a-Service ActiveX Control Remote Command Execution Vulnerability
Solution:
Updates are available. Please see the references for details.
Solution:
Updates are available. Please see the references for details.
References
McAfee Security-as-a-Service ActiveX Control Remote Command Execution Vulnerability
References:
References: