Insecure Permissions Vulnerability in McAfee VirusScan Enterprise
CVE-2007-1538
Summary
McAfee VirusScan Enterprise version 8.5.0.i uses insecure permissions for certain Windows Registry keys. This flaw potentially allows local users to bypass password protection by manipulating the UIP value under HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection and HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion. Some third-party researchers have disputed this issue, stating that default permissions restrict write access to these keys and that the product does not modify inherited permissions. Even so, interaction errors with other software remain possible and may exacerbate the situation.
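Whether a given host is exposed depends on the ACLs actually in effect on those two keys. The following PowerShell audit is an added example, not code from McAfee or from the advisory; it lists every Allow entry that grants write-type rights to a principal outside a trusted list. The trusted list and the choice of rights in the mask are assumptions to adjust for your environment.

```powershell
# Added example: audit write access on the two registry keys named in the summary.
$keys = @(
    'HKLM:\SOFTWARE\McAfee\DesktopProtection',
    'HKLM:\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion'
)

# Principals expected to hold write access (assumption, not taken from the advisory).
$trusted = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller',
    'CREATOR OWNER'
)

# Rights that allow changing a value such as UIP or re-permissioning the key,
# plus the raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits
# that can appear unmapped in an ACE.
$rights    = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x50000000

foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Warning "Key not present, skipped: $key"
        continue
    }

    $acl = Get-Acl -LiteralPath $key
    foreach ($rule in $acl.Access) {
        # Deny entries and trusted principals are not findings.
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $rule.IdentityReference.Value) { continue }

        if (([int]$rule.RegistryRights -band $writeMask) -ne 0) {
            # Inherited = True means the grant comes from a parent key,
            # so the fix belongs on the parent rather than on this key.
            [pscustomobject]@{
                Key       = $key
                Identity  = $rule.IdentityReference.Value
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}
```

No output means no non-trusted principal holds write-type access to either key, which matches the default state the disputing researchers describe.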