CVE-2007-1538

3 documents3 sources

Severity

7.5HIGH

EPSS

0.2%

top 62.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Virusscan Enterprise

Timeline

PublishedMar 20

Latest updateMay 1

Description

McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion. NOTE: this issue has been disputed by third-party researchers, stating that the default permissions for HKEY_LOCAL_MACHINE\SOFTWARE does not allow for write access and t…

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmcafee/virusscan_enterprise8.5i

🔴Vulnerability Details

GHSA

GHSA-8hqh-p9h5-r8wj: ** DISPUTED ** McAfee VirusScan Enterprise 8↗2022-05-01

▶

CVEList

CVE-2007-1538: McAfee VirusScan Enterprise 8↗2007-03-20

▶