McAfee Virtual Technician ActiveX Control 'GetObject()' Insecure Method Vulnerability

Bugtraq ID:	53304
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 30 2012 12:00AM
Updated:	Aug 23 2012 09:00PM
Credit:	rgod
Vulnerable:	McAfee Virtual Technician 6.3.0.1911
Not Vulnerable:

McAfee Virtual Technician ActiveX Control 'GetObject()' Insecure Method Vulnerability

McAfee Virtual Technician ActiveX control ('MVT.dll') is prone to a vulnerability caused by an insecure method.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application (typically Internet Explorer) that uses the ActiveX control.

McAfee Virtual Technician 6.3.0.1911 is vulnerable; other versions may also be affected.

McAfee Virtual Technician ActiveX Control 'GetObject()' Insecure Method Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted web page.

The following exploits are available:

• /data/vulnerabilities/exploits/53304.txt
• /data/vulnerabilities/exploits/53304.rb

McAfee Virtual Technician ActiveX Control 'GetObject()' Insecure Method Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

McAfee Virtual Technician ActiveX Control 'GetObject()' Insecure Method Vulnerability

References:

• McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObje (rgod)
  
• McAfee Virtual Technician Product Homepage (McAfee)
  
• McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObje (rgod)