McAfee VirusScan Enterprise Untrusted Search Path Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with McAfee VirusScan Enterprise and is prone to untrusted search path vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary code via a crafted document embedded with ActiveX control. Impact Level: System/Application

Solution

Apply HF669863 patch for version 8.5i or Upgrade to version 8.7i or later, For updates refer to http://www.mcafee.com

Insight

Flaw is due to loading dynamic-link libraries (DLL) from an untrusted path.

Affected

McAfee VirusScan Enterprise versions prior to 8.7i

References

http://cxsecurity.com/cveshow/CVE-2009-5118
http://osvdb.org/69503

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-5118

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)
3S CoDeSys CmpWebServer Multiple Vulnerabilities
Adobe Captivate Insecure Library Loading Vulnerability
Adobe AIR Multiple Vulnerabilities-01 Jan15 (Mac OS X)

Take action and discover your vulnerabilities