CVE-2007-1227

Currently unrated

Key Information:

Vendor: Mcafee
Status: Virex
Vendor: CVE Published:; 2 March 2007

Summary

VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands.

References

http://www.securityfocus.com/bid/22744

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/461485/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://osvdb.org/33797

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Mar 2, 2007
Vulnerability Reserved
Mar 2, 2007