Privilege Escalation Vulnerability in McAfee VirusScan Enterprise and CMA
CVE-2005-4505

Currently unrated

Key Information:

Vendor: Mcafee
Status: Common Management Agent; Virusscan Enterprise
Vendor: CVE Published:; 23 December 2005

What is CVE-2005-4505?

An unquoted Windows search path vulnerability in McAfee VirusScan Enterprise and CMA can be exploited by local users to gain elevated privileges. This occurs when 'naPrdMgr.exe' tries to execute 'EntVUtil.EXE' under a path that lacks proper quoting. If a malicious 'program.exe' file is placed in the C: folder, the execution context becomes compromised, enabling unauthorized actions and potential system breaches.

References

http://reedarvin.thearvins.com/20051222-01.html

x_refsource_MISC

http://www.securityfocus.com/archive/1/420104/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/23815

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2005
Vulnerability Reserved
Dec 22, 2005

Mcafee

What is CVE-2005-4505?

References

Timeline