Detections
Analytics
McAfee VirusScan Enterprise < 8.8 Patch 9 Scriptscan COM Object DoS (SB10194)
medium Nessus Plugin ID 100125
Language:
Synopsis
The antivirus application installed on the remote Windows host is affected by a denial of service vulnerability.Description
The version of McAfee VirusScan Enterprise (VSE) installed on the remote Windows host is prior to 8.9 Patch 9. It is, therefore, affected by a memory corruption issue in the Scriptscan COM object. An unauthenticated, remote attacker can exploit this, via a specially crafted HTML link, to cause a denial of service condition on the active Internet Explorer tab. Note that this denial of service occurs only after a fresh installation of the Scriptscan COM DLL during initialization.Solution
Upgrade to McAfee VirusScan Enterprise version 8.8 Patch 9.See Also
https://kc.mcafee.com/corporate/index?page=content&id=SB10194
Plugin Details
Severity: Medium
ID: 100125
File Name: mcafee_vse_sb10194.nasl
Version: 1.4
Type: local
Agent: windows
Family: Windows
Published: 5/11/2017
Updated: 7/14/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 1.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS v3
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:mcafee:virusscan_enterprise
Required KB Items: Antivirus/McAfee/installed
Exploit Ease: No known exploits are available
Patch Publication Date: 4/11/2017
Vulnerability Publication Date: 4/11/2017
Reference Information
CVE: CVE-2016-8030
BID: 98041
MCAFEE-SB: SB10194