Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2005-3657 to a friend New vulnerability? New tool? Tell us	CVE-2005-3657 McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite     Credit: The information has been provided by iDEFENSE Labs. The original article can be found at: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=358 Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2005-3657 Details Check for CVE-2005-3657 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * McAfee VirusScan mcinsctl.dll version 4.0.0.83 The vulnerability specifically exists due to a registered ActiveX control failing to restrict which domains may load the control for execution. MCINSCTL.DLL as included with McAfee Security Center exports an object for logging called MCINSTALL.McLog. The McLog object is designed to allow Security Center to log to a file through the StartLog and AddLog methods. McAfee fails to restrict the ActiveX control from being loaded in arbitrary domains. As such, attackers can create a specially crafted web page utilizing the McLog object to create arbitrary files. This attack can lead to arbitrary code execution by a remote attacker. Successful exploitation of this vulnerability allow attackers to create or append to arbitrary files. An attacker can write to a startup folder to execute arbitrary code during the next reboot or logon session. A user will not be required to authorize the object instantiation since the object is within a signed ActiveX control. A typical exploitation scenario would require an attacker to convince a targeted user to visit a malicious website. This vulnerability hints at a new class of vulnerabilities that occur due to developers not using the IObjectSafetySiteLock() API to restrict domains that can load a particular ActiveX control. Vendors who distributed third-party ActiveX controls should be sure to use the IObjectSafetySiteLock() API in their applications. Vendor Status: "McAfee previously released updates to SecurityCenter that resolve this issue. All active McAfee SecurityCenter users, by default, should have automatically received the update, and will now have the fix for this vulnerability already installed on their computers. To manually check for updates, users can right-click the McAfee system tray icon (white M on red background) and select 'Updates'. In the resulting dialog box, they should click 'Check Now' to check the server for updates. The user will be walked through the update process or be notified that all software is up to date. If a user has not yet registered, a registration web page or the registration wizard will pop-up, guiding the user through the update process. McAfee's key priority is the security of our customers. In the event that a vulnerability is found within any of McAfee's software, we have a strong process in place to work closely with the relevant security research group to ensure the rapid and effective development of a fix and communication plan." CVE Information: CVE-2005-3657 Disclosure Timeline: 11/15/2005 - Initial vendor notification 11/16/2005 - Initial vendor response 12/20/2005 - Coordinated public disclosure  Comments on CVE-2005-3657:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2017 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®