BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

McAfee SaaS ActiveX “ShowReport()” Command Injection Vulnerability

Disclosed January 12, 2012    Workaround Available

Vulnerability Description:

A vulnerability within McAfee SaaS Endpoint Protection ActiveX control, myCIOScn.dll, can be exploited by an attacker via supplying an arbitrary filename to the ShowReport() function. Successful exploitation my allow an attacker to arbitrarily execute code in the context of the currently logged on user. 

Vendors:

McAfee

Vulnerable Software/Devices:

  • McAfee SaaS Endpoint Protection 5.x

Vulnerability Severity:

High

Exploit Availability:

N/A

Exploit Impact:

Remote Code Execution
Remote Code Execution Exploitation of this vulnerability is possible through the use of methods like drive-by attacks. Remote attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the currently logged on user.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.

  • 15792 - McAfee SaaS Endpoint Protection Command Injection

Mitigation:

Set the kill-bit for the vulnerable ActiveX control: HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX

Compatibility209EBDEE-065C-11D4-A6B8-00C04F0D38B7

Links:

CVE(s):

None

Leave a Reply