BID:58163

McAfee VirusScan Enterprise Local Privilege Escalation Vulnerability

Info

McAfee VirusScan Enterprise Local Privilege Escalation Vulnerability

Bugtraq ID:	58163
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Feb 25 2013 12:00AM
Updated:	Feb 25 2013 12:00AM
Credit:	Reported by vendor
Vulnerable:	McAfee VirusScan Enterprise 8.8 Patch 2

Not Vulnerable:	McAfee VirusScan Enterprise 8.8 Patch 3

Discussion

McAfee VirusScan Enterprise Local Privilege Escalation Vulnerability

McAfee VirusScan Enterprise is prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to gain elevated privileges on affected computers.

McAfee VirusScan Enterprise 8.8 Patch 2 is vulnerable; other versions may also be affected.

Exploit / POC

McAfee VirusScan Enterprise Local Privilege Escalation Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

McAfee VirusScan Enterprise Local Privilege Escalation Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

McAfee VirusScan Enterprise Local Privilege Escalation Vulnerability

References:

McAfee VirusScan Enterprise (McAfee)
McAfee Security Bulletin - Virus Scan Enterprise update fixes a potential privil (McAfee)