5

CVE-2005-3657

EPSS 0.69%
Published 21.12.2005 11:03:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Mcafee ≫ Mcinsctl.Dll Version4.0.0.83

Mcafee ≫ Virusscan Security Center

Mcafee ≫ Virusscan Security Center Version4.0

Mcafee ≫ Virusscan Security Center Version4.0.3

Mcafee ≫ Virusscan Security Center Version4.5

Mcafee ≫ Virusscan Security Center Version4.5.1

Mcafee ≫ Virusscan Security Center Version5.0

Mcafee ≫ Virusscan Security Center Version6.0

Mcafee ≫ Virusscan Security Center Version7.0

Mcafee ≫ Virusscan Security Center Version7.1

Mcafee ≫ Virusscan Security Center Version8.0

Mcafee ≫ Virusscan Security Center Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.69%	0.709

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

http://secunia.com/advisories/18169

http://securityreason.com/securityalert/279

http://securitytracker.com/id?1015390

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=358

Vendor Advisory

http://www.securityfocus.com/bid/15986

http://www.vupen.com/english/advisories/2005/3006

https://nvd.nist.gov/vuln/detail/CVE-2005-3657

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-3657

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-3657

EUVD