McAfee VirusScan Unauthorized User Alert File Modification
Local Access Required
Loss of Integrity
McAfee VirusScan contains a flaw that may allow a malicious user to send an unlimited amount of alerts to the Central Alert server. The issue is triggered due to insecure permissions of the alert text file, which contains informations such as username, computer name and informations about detected viruses. It is possible that the flaw may allow an malicious user to arbitrary modify these informations resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.