CVE-2007-2152 - Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows

CVE-2007-2152

Summary

Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters. The vendor has addressed this issue with the following product update: https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=612750&command=show&forward=nonthreadedKC

References

Vulnerable Configurations

cpe:2.3:a:mcafee:virusscan_enterprise:8.0i:p11:*:*:*:*:*:*
cpe:2.3:a:mcafee:virusscan_enterprise:8.0i:p11:*:*:*:*:*:*

CVSS

Base:	7.9 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:A/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	23543
cert-vn	VU#324929
confirm	https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=612750&command=show&forward=nonthreadedKC
idefense	20070417 McAfee VirusScan On-Access Scanner Long Unicode File Name Buffer Overflow
sectrack	1017928
secunia	24914
vupen	ADV-2007-1435
xf	mcafee-onaccess-bo(33732)

Last major update

29-07-2017 - 01:31

Published

19-04-2007 - 10:19

Last modified

29-07-2017 - 01:31