• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

McAfee VirusScan Path Specification Local Privilege Escalation Vulnerability

McAfee VirusScan is prone to a vulnerability that could allow an arbitrary file to be executed.

The 'naPrdMgr.exe' process calls applications without using properly quoted paths. Successful exploitation may allow local attackers to gain elevated privileges.

McAfee VirusScan Enterprise 8.0i (patch 11) is reportedly vulnerable. Other versions may be affected as well.