CVE-2000-0650 - The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registr

CVE-2000-0650

Summary

The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.

References

Vulnerable Configurations

cpe:2.3:a:network_associates:netshield:4.5:*:*:*:*:*:*:*
cpe:2.3:a:network_associates:netshield:4.5:*:*:*:*:*:*:*
cpe:2.3:a:network_associates:virusscan:4.5:*:windows_nt:*:*:*:*:*
cpe:2.3:a:network_associates:virusscan:4.5:*:windows_nt:*:*:*:*:*

CVSS

Base:	2.1 (as of 10-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bid	1458
ntbugtraq	20000711 Potential Vulnerability in McAfee Netshield and VirusScan 4.5
osvdb	1458 4200
xf	nai-virusscan-netshield-autoupgrade(5177)

Last major update

10-10-2017 - 01:29

Published

11-07-2000 - 04:00

Last modified

10-10-2017 - 01:29