CVE-2005-3657

Currently unrated

Key Information:

Vendor: Mcafee
Status: Virusscan Security Center; Mcinsctl.dll
Vendor: CVE Published:; 21 December 2005

Summary

The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object.

References

http://securityreason.com/securityalert/279

third-party-advisoryx_refsource_SREASON

http://securitytracker.com/id?1015390

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2005/3006

vdb-entryx_refsource_VUPEN

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 21, 2005
Vulnerability Reserved
Nov 18, 2005