CVE-2007-1227

McAfee VirusScan for Mac <7.7 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1227. PoCs published by Kevin Finisterre.

AI-analyzed exploit summary This exploit leverages a symlink vulnerability in Virex 7.7 to manipulate the root crontab file, achieving privilege escalation. It creates a backdoor and a malicious crontab entry to execute arbitrary commands as root after a system reboot.

Description

VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kevin Finisterre · perllocalosx

https://www.exploit-db.com/exploits/3386

View Code ZIP pw:eip

This exploit leverages a symlink vulnerability in Virex 7.7 to manipulate the root crontab file, achieving privilege escalation. It creates a backdoor and a malicious crontab entry to execute arbitrary commands as root after a system reboot.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Virex 7.7

No auth needed

Prerequisites: Access to the target system · Ability to create symlinks and files in specific directories

MITRE ATT&CK