CVE-2012-4598

McAfee Virtual Technician <6.4 - RCE

Title source: llm

Description

An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/18812

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by rgod · textremotewindows

https://www.exploit-db.com/exploits/18805

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by rgod, sinn3r · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/mcafee_mvt_exec.rb

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10028

Scores

EPSS 0.6790

EPSS Percentile 98.6%

Details

Status published

Products (4)

mcafee/epo_mcafee_virtual_technician 1.0

mcafee/epo_mcafee_virtual_technician 1.0.4.0

mcafee/epo_mcafee_virtual_technician < 1.0.7

mcafee/mcafee_virtual_technician < 6.3.0.1911

Published Aug 22, 2012

Tracked Since Feb 18, 2026