Back to search
CVE-2005-3657
Published: Dec 21, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
279
third-party-advisory
x_refsource_SREASON
1015390
vdb-entry
x_refsource_SECTRACK
ADV-2005-3006
vdb-entry
x_refsource_VUPEN
20051220 McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite
third-party-advisory
x_refsource_IDEFENSE
15986
vdb-entry
x_refsource_BID
18169
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now