McAfee VirusScan Enterprise < 8.8 Patch 6/7 Hotfix 1123565 Protection Bypass Vulnerability (SB10158)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The antivirus application installed on the remote Windows host is
affected by a security mechanism bypass vulnerability.

Description :

The version of McAfee VirusScan Enterprise (VSE) installed on the
remote Windows host is 8.8 Patch 6 or Patch 7 without Hotfix 1123565.
It is, therefore, affected by a flaw related to closing registry
handles for the McAfee VirusScan Console process. A local attacker
with Windows administrative privileges can exploit this flaw to bypass
password protection and thereby unlock the VirusScan Console window,
resulting in access to resources protected by VSE.

See also :

https://kc.mcafee.com/corporate/index?page=content&id=SB10158

Solution :

Upgrade to McAfee VirusScan Enterprise version 8.8 Patch 6/7 Hotfix
1123565.

Risk factor :

Low / CVSS Base Score : 3.3
(CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 91310 ()

Bugtraq ID:

CVE ID: CVE-2016-4534

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now