Brandon Posted December 21, 2005 Report Share Posted December 21, 2005 Story published by SecuniaSource: Peter VreugdenhilPeter Vreugdenhil has reported a vulnerability in McAfee SecurityCenter, which potentially can be exploited by malicious people to compromise a vulnerable system.The vulnerability is caused due to an error in restricting the browser domain in which the "mcinsctl.dll" ActiveX control can be instantiated. The control contains the "MCINSTALL.McLog" object that can be used to write to a log file. This can be exploited to create or append to arbitrary files, potentially allowing arbitrary code execution by creating files in the user's startup folder.Successful exploitation requires that the user is e.g. tricked into visiting a malicious website.The vulnerability has been reported in "mcinsctl.dll" version 4.0.0.83 that is included with McAfee VirusScan. Other products that contain the vulnerability ActiveX control may also be affected.Solution:The vulnerability has reportedly been fixed via automatic update.Secunia Advisory Quote Link to post Share on other sites
blim Posted December 22, 2005 Report Share Posted December 22, 2005 (edited) "The vulnerability has reportedly been fixed via automatic update"Ah, music to my ears!! (and my son hates the auto updates, perfect reason why I LOVE them!) Thank you, BrandonLiz Edited December 22, 2005 by blim Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.