McAfee Virtual Technician McHealthCheck.dll ActiveX Control Save() Method Arbitrary File Overwrite (SB10040)

High Nessus Plugin ID 65942


An ActiveX control installed on the remote Windows host can be abused to overwrite arbitrary files.


The remote Windows host has a version of the McAfee Virtual Technician / ePolicy Orchestrator McHealthCheck.dll ActiveX control that allows arbitrary files to be corrupted / overwritten due to a flaw in the Save() method.

If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, this issue could potentially be leveraged to overwrite files, potentially leading to remote code execution.


Upgrade to McAfee Virtual Technician 7.1 / ePolicy Orchestrator 1.1.0 or later.

See Also

Plugin Details

Severity: High

ID: 65942

File Name: mcafee_virtual_technician_activex1.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2013/04/12

Modified: 2016/12/19

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mcafee:mcafee_virtual_technician

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/03/26

Vulnerability Publication Date: 2013/03/26

Reference Information

CVE: CVE-2012-5879

BID: 58750

OSVDB: 91700

EDB-ID: 24907