McAfee Virtual Technician ActiveX Control GetObject() Method Remote Command Execution (SB10028)

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.


Synopsis :

An ActiveX control installed on the remote Windows host can be abused
to execute arbitrary code.

Description :

The remote Windows host has a version of the McAfee Virtual Technician
/ ePolicy Orchestrator ActiveX control that allows execution of
arbitrary code. The 'GetObject()' method can be used to load any class
on the underlying operating system. For example, by loading the
'WScript.Shell' class, attackers can then run arbitrary operating system
commands.

If an attacker can trick a user on the affected host into viewing a
specially crafted HTML document, he can leverage this issue to execute
arbitrary commands on the affected system subject to the user's
privileges.

See also :

https://kc.mcafee.com/corporate/index?page=content&id=SB10028

Solution :

Upgrade to McAfee Virtual Technician 6.4 / ePolicy Orchestrator 1.0.8 or
later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 61719

Bugtraq ID: 53304

CVE ID: CVE-2012-4598
