Description
The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory.
References (2)
Core 2
Core References
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1920
Exploit, Patch, Vendor Advisory mailing-list
x_refsource_ntbugtraq
http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0073.html
Scores
EPSS
0.0010
EPSS Percentile
26.8%
Details
Status
published
Products (1)
mcafee/virusscan
4.5
Published
Jan 09, 2001
Tracked Since
Feb 18, 2026