Description
The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object.
References (6)
Core 6
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/279
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015390
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/3006
Vendor Advisory third-party-advisory
x_refsource_idefense
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=358
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15986
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18169
Scores
EPSS
0.0069
EPSS Percentile
72.1%
Details
Status
published
Products (12)
mcafee/mcinsctl.dll
4.0.0.83
mcafee/virusscan_security_center
mcafee/virusscan_security_center
4.0
mcafee/virusscan_security_center
4.0.3
mcafee/virusscan_security_center
4.5
mcafee/virusscan_security_center
4.5.1
mcafee/virusscan_security_center
5.0
mcafee/virusscan_security_center
6.0
mcafee/virusscan_security_center
7.0
mcafee/virusscan_security_center
7.1
... and 2 more
Published
Dec 21, 2005
Tracked Since
Feb 18, 2026