TITLE:
Apple QuickTime / iTunes Memory Corruption Vulnerability
SECUNIA ADVISORY ID:
SA18149
VERIFY ADVISORY:
http://secunia.com/advisories/18149/
CRITICAL:
Moderately critical
IMPACT:
Unknown, DoS
WHERE:
From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
iTunes 6.x
http://secunia.com/product/5882/
DESCRIPTION:
Tom Ferris has discovered a vulnerability in Apple QuickTime /
iTunes, which can be exploited by malicious people to cause a DoS
(Denial of Service) and which may have a further, unknown impact.
The vulnerability is caused by an error in handling malformed
".mov" files. This can be exploited to cause memory corruption, which
causes the program to crash. It has been reported that arbitrary code
execution may be possible. However, this has not been confirmed.
The vulnerability has been confirmed in Apple QuickTime Player 7.0.3
and iTunes 6.0.1.3. Other versions may also be affected.
SOLUTION:
Do not open ".mov" files from untrusted sources.
PROVIDED AND/OR DISCOVERED BY:
Tom Ferris
ORIGINAL ADVISORY:
http://security-protocols.com/advisory/sp-x21-advisory.txt

TITLE:
McAfee SecurityCenter "mcinsctl.dll" ActiveX File Overwrite
Vulnerability
SECUNIA ADVISORY ID:
SA18169
VERIFY ADVISORY:
http://secunia.com/advisories/18169/
CRITICAL:
Highly critical
IMPACT:
Manipulation of data, System access
WHERE:
From remote
SOFTWARE:
McAfee SecurityCenter 6.x
http://secunia.com/product/6437/
McAfee VirusScan 4.x
http://secunia.com/product/275/
McAfee VirusScan 8.x/2004
http://secunia.com/product/4740/
McAfee VirusScan 9.x/2005
http://secunia.com/product/4792/
McAfee VirusScan Enterprise 7.x
http://secunia.com/product/264/
McAfee VirusScan Enterprise 8.x
http://secunia.com/product/3948/
McAfee VirusScan Professional 7.x
http://secunia.com/product/265/
McAfee VirusScan Professional 8.x
http://secunia.com/product/5273/
DESCRIPTION:
Peter Vreugdenhil has reported a vulnerability in McAfee
SecurityCenter, which potentially can be exploited by malicious
people to compromise a vulnerable system.
The vulnerability is caused by an error in restricting the
browser domain in which the "mcinsctl.dll" ActiveX control can be
instantiated. The control contains the "MCINSTALL.McLog" object that
can be used to write to a log file. This can be exploited to create
or append to arbitrary files, potentially allowing arbitrary code
execution by creating files in the user's startup folder.
Successful exploitation requires that the user is e.g. tricked into
visiting a malicious website.
The vulnerability has been reported in "mcinsctl.dll" version
4.0.0.83 that is included with McAfee VirusScan. Other products that
contain the vulnerable ActiveX control may also be affected.
SOLUTION:
The vulnerability has reportedly been fixed via automatic update.
PROVIDED AND/OR DISCOVERED BY:
Peter Vreugdenhil
ORIGINAL ADVISORY:
iDEFENSE:
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=358
