
"ShowReport()" command injection in ActiveX controls in McAfee SaaS Endpoint Protection

ID: IRCAD2012011652
Release Date: 2012-01-16
Criticality level: Highly critical
Software:
McAfee SaaS Endpoint Protection 5.x
Description:
A vulnerability has been reported in McAfee SaaS Endpoint Protection, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by an error in myCIOScn.dll when processing the "ShowReport()" method, which accepts arbitrary commands without authentication.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 5.2.0.603. Other versions may also be affected.
Solution:
Set the kill-bit for the affected ActiveX control.
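
One way to apply this mitigation is sketched below as an added example; it is not part of the original advisory and is not McAfee code. The advisory does not list the control's CLSID, so the script assumes the control is registered as an in-process COM server whose InprocServer32 path contains myCIOScn.dll, finds the matching CLSIDs, and sets the Internet Explorer kill bit (Compatibility Flags 0x400) in both the 64-bit and 32-bit registry views. The function names are hypothetical.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell prompt.
# Assumption: the control is an in-process COM server whose InprocServer32
# default value contains the DLL name given in the advisory.
$DllName     = 'myCIOScn.dll'
$KillBit     = 0x00000400   # "Compatibility Flags" bit that stops IE loading the control
$ClsidRoots  = 'HKLM:\SOFTWARE\Classes\CLSID',
               'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID'
$CompatRoots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'

function Find-ControlClsid {
    param([string]$Dll)
    foreach ($root in $ClsidRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            try {
                $sub = $key.OpenSubKey('InprocServer32')
                if (-not $sub) { continue }
                $server = $sub.GetValue('')        # default value = server DLL path
                $sub.Close()
                if ($server -and "$server" -like "*$Dll*") { $key.PSChildName }
            } catch { continue }                   # skip keys that cannot be read
        }
    }
}

function Set-KillBit {
    param([string]$Clsid)
    foreach ($root in $CompatRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $path = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
        # Preserve any flags already present and OR in the kill bit.
        $current = (Get-ItemProperty -LiteralPath $path -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue).'Compatibility Flags'
        New-ItemProperty -LiteralPath $path -Name 'Compatibility Flags' `
            -PropertyType DWord -Value ([int]$current -bor $KillBit) -Force | Out-Null
    }
}

$clsids = @(Find-ControlClsid -Dll $DllName | Sort-Object -Unique)
if (-not $clsids) {
    Write-Warning "No COM class registered for $DllName; nothing changed."
    return
}
foreach ($c in $clsids) {
    Set-KillBit -Clsid $c
    Write-Output "Kill bit set for $c"
}
```

The kill bit only prevents Internet Explorer and other hosts that honour it from instantiating the control; it does not remove or patch the DLL.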
References:
Secunia:
