ActiveX Control Vulnerability in McAfee VirusScan Security Center
CVE-2005-3657

Currently unrated

Key Information:

Vendor: Mcafee
Status: Virusscan Security Center; Mcinsctl.dll
Vendor: CVE Published:; 21 December 2005

Summary

The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center contains a vulnerability that fails to leverage the IObjectSafetySiteLock API for domain access restrictions. This oversight permits attackers to manipulate files remotely via the vulnerable StartLog and AddLog methods in the MCINSTALL.McLog object. As a result, this flaw could lead to unauthorized file creation or modification, potentially compromising system integrity.

References

http://securityreason.com/securityalert/279

third-party-advisoryx_refsource_SREASON

http://securitytracker.com/id?1015390

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2005/3006

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Dec 21, 2005
Vulnerability Reserved
Nov 18, 2005