Full Disclosure mailing list archives
SSD Advisory – McAfee Security Scan Plus Remote Command Execution
From: Maor Shwartz <maors () beyondsecurity com>
Date: Sun, 30 Jul 2017 10:41:27 +0300
SSD Advisory – McAfee Security Scan Plus Remote Command Execution

Full report: https://blogs.securiteam.com/index.php/archives/3350
Twitter: @SecuriTeam_SSD

*Vulnerability Summary*
The following advisory describes a Remote Code Execution found in McAfee Security Scan Plus. An active network attacker could launch a man-in-the-middle attack on a plaintext-HTTP response to a client to run any residing executables with privileges of a logged in user.

McAfee Security Scan Plus is a free diagnostic tool that ensures you are protected from threats by actively checking your computer for up-to-date anti-virus, firewall, and web security software. It also scans for threats in any open programs.

*Credit*
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

*Vendor response*
The vendor has released patches to address this vulnerability. For more information: https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102714

CVE: CVE-2017-3897

--
Thanks
Maor Shwartz
GPG Key ID: 93CC36E2DE7FF514
Attachment:
SSD Advisory – McAfee Security Scan Plus Remote Command Execution – SecuriTeam Blogs.pdf