McAfee Security Installer Control System mcinsctl.dll Information Disclosure
Remote / Network Access
Loss of Confidentiality
McAfee Security Installer Control System contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker lures a user into visiting a malicious website where values in user accessible registry keys can be read via the "RegQueryValue()" method in the "McAfee.com Registry Class" object, which will disclose sensitive information resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Delete the affected ActiveX component (mcinsctl.dll).