First published: Thu Mar 28 2013(Updated: )
An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
McAfee Virtual Technician | <=6.5.0.2101 | |
McAfee Virtual Technician | =6.3.0.1911 | |
McAfee Virtual Technician | <=6.5.0.2101 | |
McAfee Virtual Technician | =1.0 | |
McAfee Virtual Technician | =1.0.4.0 | |
McAfee Virtual Technician | =1.0.7 | |
McAfee Virtual Technician | =1.0.8 | |
McAfee Virtual Technician | =1.0.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2012-5879 is rated as a medium to high severity vulnerability due to its ability to allow remote attackers to create or modify files.
To mitigate CVE-2012-5879, users should upgrade to McAfee Virtual Technician version 6.5.0.2102 or later, which addresses this vulnerability.
CVE-2012-5879 allows remote attackers to execute file manipulation attacks, potentially leading to further system compromise.
CVE-2012-5879 affects McAfee Virtual Technician 6.5.0.2101 and earlier, as well as various versions of ePO McAfee Virtual Technician.
Yes, if you are using an affected version of McAfee Virtual Technician, your system is at risk from the vulnerability identified by CVE-2012-5879.