Mcafee Virusscan Enterprise vulnerabilities

CVE-2015-8577 [LOW] CWE-264 CVE-2015-8577: The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 alloc The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.

CVE-2009-5118 [CRITICAL] CVE-2009-5118: Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share.

CVE-2010-3496 [MEDIUM] CWE-264 CVE-2010-3496: McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// U McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution.

CVE-2010-5143 [LOW] CWE-264 CVE-2010-5143: McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging admin McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module.

CVE-2007-2152 [HIGH] CVE-2007-2152: Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters.

CVE-2007-1538 [HIGH] CVE-2007-1538: McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, whi McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion. NOTE: this issue has been disput

CVE-2006-4886 [LOW] CVE-2006-4886: The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 a The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition.

CVE-2005-4505 [HIGH] CVE-2005-4505: Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3. Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path.