McAfee VirusScan Enterprise Path Subversion Arbitrary DLL Injection Code Execution

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a program that allows arbitrary code
execution.

Description :

The version of McAfee VirusScan Enterprise installed on the remote
Windows host is earlier than 8.7i. Such versions insecurely look in
their current working directory when resolving DLL dependencies, such
as for 'traceapp.dll'.

Attackers may exploit the issue by placing a specially crafted DLL
file and another file associated with the application in a location
controlled by the attacker. When the associated file is launched, the
attacker's arbitrary code can be executed.

See also :

http://www.nessus.org/u?ae04902e

Solution :

Upgrade to VirusScan Enterprise 8.7i or later, or apply the hotfix
when it is released.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 50986 ()

Bugtraq ID: 45080

CVE ID: CVE-2009-5118

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now