McAfee VirusScan Enterprise 8.5 / 8.7 hcp:// Security Bypass (SB10012)
Medium Nessus Plugin ID 72216
SynopsisThe remote host has an antivirus application that is affected by a security bypass vulnerability.
DescriptionThe remote Windows host has McAfee VirusScan Enterprise version 8.5 or 8.7. It is, therefore, affected by a security bypass vulnerability due to a failure to properly interact with the processing of 'hcp://' URLs. This can lead to malware execution prior to detection.
SolutionApply the patch from Microsoft Bulletin MS10-042 or enable VirusScan Enterprise access protection rule 'Disable HCP URLs in Internet Explorer' (requires Buffer Overflow and Access Protection DAT Version 516 or greater).