Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-4505

4 documents4 sources

Severity

7.2HIGH

EPSS

0.2%

top 55.99%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mcafee Common Management Agent Mcafee Virusscan Enterprise

Timeline

PublishedDec 23

Latest updateMay 1

Description

Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDmcafee/virusscan_enterprise8.0i

▶NVDmcafee/common_management_agent3.5

🔴Vulnerability Details

GHSA

GHSA-jx59-j4wf-4x4h: Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8↗2022-05-01

▶

CVEList

CVE-2005-4505: Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8↗2005-12-23

▶

💥Exploits & PoCs

Exploit-DB

McAfee VirusScan 8.0 - Path Specification Privilege Escalation↗2005-12-22

▶