Privilege Escalation Vulnerability in McAfee VirusScan Enterprise and CMA
CVE-2005-4505

Currently unrated

Key Information:

Vendor: Mcafee
Status: Common Management Agent; Virusscan Enterprise
Vendor: CVE Published:; 23 December 2005

Summary

An unquoted Windows search path vulnerability in McAfee VirusScan Enterprise and CMA can be exploited by local users to gain elevated privileges. This occurs when 'naPrdMgr.exe' tries to execute 'EntVUtil.EXE' under a path that lacks proper quoting. If a malicious 'program.exe' file is placed in the C: folder, the execution context becomes compromised, enabling unauthorized actions and potential system breaches.

References

http://reedarvin.thearvins.com/20051222-01.html

x_refsource_MISC

http://www.securityfocus.com/archive/1/420104/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/23815

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 23, 2005
Vulnerability Reserved
Dec 22, 2005