Date: Apr 27 2004
Impact: User access via network
Exploit Included: Yes
Description: A vulnerability was reported in McAfee VirusScan. A remote user may be able to access a target user’s system.
Jonathan Payne reported that the software appears to install several non-secure ActiveX controls. A remote user can reportedly create HTML that, when loaded by the target user, will invoke the ActiveX controls and access the target user’s system.
A demonstration exploit that accesses the target user’s Windows registry is provided in the Source Message.
Impact: A remote user can create HTML that, when loaded by the target user, will be able to access the target user’s system.
Solution: No solution was available at the time of this entry.
Vendor URL: www.mcafee.com/
Cause: Access control error
Underlying OS: Windows (Any)