McAfee VirusScan 4.5 Unquoted ImagePath Vulnerability

The default installation of McAfee VirusScan does not put quotes around the image path (e.g. ImagePath=C:\Program Files\Common Files\Network Associates\McShield\McShield.exe). As a result, if a malicious user places a hostile VB executable file named common.exe in C:\Program Files, it is run automatically when McShield.exe starts. The malicious user could then perform any action that can be delivered through a VB file, including privilege escalation, addition and removal of users, file modification, and implanting of trojans and viruses.
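
The check below is an added example, not part of the original advisory or of any vendor code: it lists the paths Windows would try before the intended binary for an unquoted ImagePath, and produces the quoted value that removes the ambiguity. It assumes the documented CreateProcess behaviour of cutting an unquoted command line at each space and appending .exe; the function names and the sample table (apart from the McShield path) are constructed for illustration.

```python
import re

# End of the executable portion of an ImagePath: a known extension followed by
# whitespace or end of string. Anything after it is treated as arguments.
_EXE_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)

def executable_portion(image_path):
    m = _EXE_END.search(image_path)
    return image_path[:m.end()] if m else image_path

def ambiguous_candidates(image_path):
    """Paths Windows tries, in order, before the intended binary.

    For an unquoted command line CreateProcess cuts the string at each space
    and appends .exe. An empty list means the value is unambiguous.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []
    exe = executable_portion(path)
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def quoted_form(image_path):
    """The corrected value: executable quoted, arguments left as they were."""
    path = image_path.strip()
    if path.startswith('"'):
        return path
    exe = executable_portion(path)
    return '"' + exe + '"' + path[len(exe):]

def audit(services):
    """Map service name -> candidate paths, for services that need fixing."""
    findings = {}
    for name, value in services.items():
        candidates = ambiguous_candidates(value)
        if candidates:
            findings[name] = candidates
    return findings

# Constructed sample table. Only the McShield value is taken from the advisory.
SAMPLE = {
    "McShield": r"C:\Program Files\Common Files\Network Associates\McShield\McShield.exe",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\agent.exe" -service',
    "Svchost": r"C:\Windows\system32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, candidates in audit(SAMPLE).items():
        print(name, "->", quoted_form(SAMPLE[name]))
        for c in candidates:
            print("   check ACL of directory holding", c)
```

On a live host the input would be the ImagePath values under HKLM\SYSTEM\CurrentControlSet\Services; each directory named in a finding should not be writable by unprivileged users until the value is quoted.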


Copyright 2010, SecurityFocus