McAfee Virtual Technician ActiveX Control GetObject() Method Remote Command Execution (SB10028)

high Nessus Plugin ID 61719
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

An ActiveX control installed on the remote Windows host can be abused to execute arbitrary code.

Description

The remote Windows host has a version of the McAfee Virtual Technician / ePolicy Orchestrator ActiveX control that allows execution of arbitrary code. The 'GetObject()' method can be used to load any class on the underlying operating system. For example, by loading the 'WScript.Shell' class, attackers can then run arbitrary operating system commands.

If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, he can leverage this issue to execute arbitrary commands on the affected system subject to the user's privileges.

Solution

Upgrade to McAfee Virtual Technician 6.4 / ePolicy Orchestrator 1.0.8 or later.

See Also

https://kc.mcafee.com/corporate/index?page=content&id=SB10028

Plugin Details

Severity: High

ID: 61719

File Name: mcafee_virtual_technician_activex.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 8/29/2012

Updated: 7/14/2018

Dependencies: smb_hotfixes.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:a:mcafee:mcafee_virtual_technician:*:*:*:*:*:*:*:*

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/4/2012

Vulnerability Publication Date: 4/30/2012

Exploitable With

Metasploit (McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability)

Reference Information

CVE: CVE-2012-4598

BID: 53304

EDB-ID: 18805, 18812

MCAFEE-SB: SB10028