A vulnerability within McAfee SaaS Endpoint Protection ActiveX control, myCIOScn.dll, can be exploited by an attacker via supplying an arbitrary filename to the ShowReport() function. Successful exploitation my allow an attacker to arbitrarily execute code in the context of the currently logged on user.
- McAfee SaaS Endpoint Protection 5.x
Remote Code Execution
Remote Code Execution Exploitation of this vulnerability is possible through the use of methods like drive-by attacks. Remote attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the currently logged on user.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- 15792 - McAfee SaaS Endpoint Protection Command Injection
Set the kill-bit for the vulnerable ActiveX control: HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX