فا

‫ تزريق دستور ""ShowReport() در كنترل هاي ActiveX در McAfee SaaS Endpoint Protection

IRCAD2012011652
ID: IRCAD2012011652
Release Date: 2012-01-16
Criticality level: Highly critical
 
Software:
McAfee SaaS Endpoint Protection 5.x
 
Description:
A vulnerability has been reported in McAfee SaaS Endpoint Protection, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in myCIOScn.dll when processing the "ShowReport()" method, which accepts arbitrary commands without authentication.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 5.2.0.603. Other versions may also be affected.
 
Solution
Set the kill-bit for the affected ActiveX control.
 
References:
 
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 25 بهمن 1390

امتیاز

امتیاز شما
تعداد امتیازها: 0