1. CVE-Search
  2. CVE-2005-3657
ID CVE-2005-3657
Summary The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object.
References
Vulnerable Configurations
  • cpe:2.3:a:mcafee:mcinsctl.dll:4.0.0.83:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:mcinsctl.dll:4.0.0.83:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:virusscan_security_center:*:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:virusscan_security_center:*:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:virusscan_security_center:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:virusscan_security_center:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:virusscan_security_center:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:virusscan_security_center:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:virusscan_security_center:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:virusscan_security_center:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:virusscan_security_center:4.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:virusscan_security_center:4.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:virusscan_security_center:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:virusscan_security_center:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:virusscan_security_center:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:virusscan_security_center:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:virusscan_security_center:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:virusscan_security_center:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:virusscan_security_center:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:virusscan_security_center:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:virusscan_security_center:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:virusscan_security_center:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:virusscan_security_center:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:virusscan_security_center:9.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 08-03-2011 - 02:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 15986
idefense 20051220 McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite
sectrack 1015390
secunia 18169
sreason 279
vupen ADV-2005-3006
Last major update 08-03-2011 - 02:26
Published 21-12-2005 - 11:03
Last modified 08-03-2011 - 02:26
Back to Top