Published: 2001-01-09 00:00:00
Revised: 2008-09-05 16:22:43

[Original] The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory.

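[CNNVD] McAfee VirusScan 4.5 Unquoted ImagePath Vulnerability (CNNVD-200101-097)

        The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable; this improperly sets the search path and allows local users to place a Trojan horse program "common.exe" in the C:\Program Files directory.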

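- CVSS (Base Score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]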

- CPE (Affected platforms and products)


- OVAL (Technical details for detection)


- Official database links
(Official source) MITRE
(Official source) NVD
(Official source) CNNVD

- Other links and resources
(VENDOR_ADVISORY)  NTBUGTRAQ  20001103 Elevation of Privileges Exploit with McAfee VirusScan 4.5

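- Vulnerability information

McAfee VirusScan 4.5 Unquoted ImagePath Vulnerability
Medium severity  Configuration error
2001-01-09 00:00:00 2005-10-20 00:00:00
        The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable; this improperly sets the search path and allows local users to place a Trojan horse program "common.exe" in the C:\Program Files directory.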

- Advisories and patches

        McAfee has released Service Pack 1 for VirusScan which eliminates this vulnerability.

- Vulnerability information

McAfee VirusScan Improper ImagePath Quoting
Local Access Required Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

McAfee VirusScan contains a flaw that may allow a malicious user to execute arbitrary code. The problem is that the default configuration of McAfee VirusScan does not quote the ImagePath variable, which improperly sets the search path. It is possible that the flaw may allow a malicious user to place an arbitrary file called "command.exe" in the "C:\Program Files" directory, which could be executed with Local System privileges when the computer is rebooted, resulting in a loss of integrity.

- Timeline

2000-11-03 Unknown
2000-11-03 Unknown

- Solution

Upgrade to version 4.5 Service Pack 1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

McAfee VirusScan 4.5 Unquoted ImagePath Vulnerability
Configuration Error 1920
No Yes
2000-11-03 12:00:00 2009-07-11 03:56:00
Posted to NTBugtraq on November 3, 2000 by Richard Fry <RichardFry@HALIFAX.CO.UK>.

- Affected program versions

McAfee VirusScan 4.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0

- Vulnerability discussion

The default installation of McAfee VirusScan excludes quotes around the image path (e.g. ImagePath=C:\Program Files\Common Files\Network Associates\McShield\McShield.exe). Therefore, if a malicious user were to insert a hostile VB executable file named common.exe in C:\Program Files, it would automatically run upon startup of McShield.exe. The malicious user could perform the action of their choice given that it could be successfully deployed through a VB file. This includes privilege escalation, addition and removal of users, file modification, implanting of trojans and viruses, etc.
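
An added audit example (not from this advisory or from McAfee) for the condition described above: given service ImagePath strings, it flags unquoted values containing spaces and lists the earlier file names Windows tries before the intended binary, which are the locations whose write permissions need review. The service names `QuotedSvc` and `NoSpaces` and their values are constructed, and the end-of-executable detection is a heuristic.

```python
import ntpath
import re

# Constructed sample registry values. The McShield entry is the ImagePath
# quoted in the discussion above; the other two are made up for contrast.
SAMPLE_IMAGE_PATHS = {
    "McShield": r"C:\Program Files\Common Files\Network Associates\McShield\McShield.exe",
    "QuotedSvc": r'"C:\Program Files\Example\svc.exe" -k run',
    "NoSpaces": r"C:\WINNT\System32\example.exe /auto",
}


def executable_part(image_path):
    """Heuristic: the executable ends at the first '.exe' that is followed
    by whitespace or the end of the string; anything after is arguments."""
    value = image_path.strip()
    match = re.match(r"(?i)(.+?\.exe)(?=\s|$)", value)
    return match.group(1) if match else value


def shadow_candidates(image_path):
    """Return the file names Windows tries before the intended binary when
    the path is unquoted. An empty list means quoted or space-free."""
    value = image_path.strip()
    if value.startswith('"'):
        return []
    exe = executable_part(value)
    candidates = []
    for gap in re.finditer(r" +", exe):
        prefix = exe[:gap.start()]
        # CreateProcess appends ".exe" when the truncated name has no extension.
        if not ntpath.splitext(prefix)[1]:
            prefix += ".exe"
        candidates.append(prefix)
    return candidates


def audit(services):
    """Map each affected service name to the locations needing an ACL review."""
    findings = {}
    for name, image_path in services.items():
        candidates = shadow_candidates(image_path)
        if candidates:
            findings[name] = candidates
    return findings


if __name__ == "__main__":
    for name, paths in audit(SAMPLE_IMAGE_PATHS).items():
        print(name, "->", paths)
```

On a live host the same function can be fed the ImagePath values exported from the services registry key; any service it reports should have its value quoted or the product updated as described under the solution.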

- Exploit

See discussion.

- Solution

McAfee has released Service Pack 1 for VirusScan which eliminates this vulnerability.

- Related references