Local Permission Modification Vulnerability in McAfee VirusScan for Mac
CVE-2007-1227

Currently unrated

Key Information:

Vendor: Mcafee
Status: Virex
Vendor: CVE Published:; 2 March 2007

What is CVE-2007-1227?

The vulnerability in McAfee VirusScan for Mac allows local users to exploit a symlink attack on the VShieldExclude.txt file located at /Library/Application Support/Virex/. By manipulating this file, attackers can alter the permissions of arbitrary files, leading to potential unauthorized command execution. This security flaw is particularly dangerous as it can enable a local user to gain higher privileges than intended, thus posing significant risks to system integrity.

References

http://www.securityfocus.com/bid/22744

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/461485/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://osvdb.org/33797

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2007
Vulnerability Reserved
Mar 2, 2007

Mcafee

What is CVE-2007-1227?

References

Timeline