Local File Permission Flaw in McAfee VirusScan for Mac Virex
CVE-2007-1226

Currently unrated

Key Information:

Vendor: Mcafee
Status: Virex
Vendor: CVE Published:; 2 March 2007

What is CVE-2007-1226?

The vulnerability in McAfee VirusScan for Mac (Virex) arises from weak permissions set on the VShieldExclude.txt file located in the /Library/Application Support/Virex/ directory. With permissions set to 0666, local users have the ability to modify this file, which allows them to configure the antivirus software to skip scanning of any arbitrary files. This could potentially allow malicious users to evade security features of the software, leading to undetected threats.

References

http://www.securityfocus.com/bid/22744

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/461485/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securitytracker.com/id?1017707

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2007
Vulnerability Reserved
Mar 2, 2007

Mcafee

What is CVE-2007-1226?

References

Timeline