CVE-2004-1906

Mcafee FreeScan - DoS/Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1906. PoCs published by Rafel Ivgi The-Insider.

AI-analyzed exploit summary This VBScript exploit targets a buffer overflow vulnerability in the McAfee FreeScan CoMcFreeScan browser object by overflowing the 'ScanParam' variable with a long string of 'a' characters. The exploit is designed to achieve remote code execution in the context of the user running the browser.

Description

Mcafee FreeScan allows remote attackers to cause a denial of service and possibly arbitrary code via a long string in the ScanParam property of a COM object, which may trigger a buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rafel Ivgi The-Insider · textdoswindows

https://www.exploit-db.com/exploits/23920

View Code ZIP pw:eip

This VBScript exploit targets a buffer overflow vulnerability in the McAfee FreeScan CoMcFreeScan browser object by overflowing the 'ScanParam' variable with a long string of 'a' characters. The exploit is designed to achieve remote code execution in the context of the user running the browser.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: McAfee FreeScan CoMcFreeScan browser object

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · McAfee FreeScan CoMcFreeScan browser object must be installed

MITRE ATT&CK