McAfee VirusScan Enterprise < 8.8 Patch 6/7 Hotfix 1123565 Protection Bypass Vulnerability (SB10158)
Low Nessus Plugin ID 91310
Synopsis: The antivirus application installed on the remote Windows host is affected by a security mechanism bypass vulnerability.
Description: The version of McAfee VirusScan Enterprise (VSE) installed on the remote Windows host is 8.8 Patch 6 or Patch 7 without Hotfix 1123565.
It is, therefore, affected by a flaw related to closing registry handles for the McAfee VirusScan Console process. A local attacker with Windows administrative privileges can exploit this flaw to bypass password protection and thereby unlock the VirusScan Console window, resulting in access to resources protected by VSE.
Solution: Upgrade to McAfee VirusScan Enterprise version 8.8 Patch 6/7 Hotfix 1123565.