CVE-2007-1226 - McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Applica

CVE-2007-1226

Summary

McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files.

References

Vulnerable Configurations

cpe:2.3:a:mcafee:virex:*:*:macintosh:*:*:*:*:*
cpe:2.3:a:mcafee:virex:*:*:macintosh:*:*:*:*:*

CVSS

Base:	4.1 (as of 16-10-2018 - 16:37)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:S/C:P/I:P/A:P

refmap via4

bid	22744
bugtraq	20070227 [NETRAGARD-20070220 SECURITY ADVISORY] [McAfee VirusScan for Mac (Virex) Local root exploit and Scan Bypass]
confirm	https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=518722&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=518722
osvdb	33798
sectrack	1017707
secunia	24337
sreason	2342
vupen	ADV-2007-0777

Last major update

16-10-2018 - 16:37

Published

02-03-2007 - 22:19

Last modified

16-10-2018 - 16:37