Description
An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method.
Exploits (1)
exploitdb
WORKING POC
by High-Tech Bridge SA · textremotewindows
https://www.exploit-db.com/exploits/24907
References (6)
Core 6
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10040
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1028357
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-03/0143.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/91700
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/58750
Vendor Advisory x_refsource_misc
https://www.htbridge.com/advisory/HTB23128
Scores
EPSS
0.1194
EPSS Percentile
93.8%
Details
CWE
CWE-264
Status
published
Products (8)
mcafee/epo_mcafee_virtual_technician
1.0
mcafee/epo_mcafee_virtual_technician
1.0.4.0
mcafee/epo_mcafee_virtual_technician
1.0.7
mcafee/epo_mcafee_virtual_technician
1.0.8
mcafee/epo_mcafee_virtual_technician
1.0.9
mcafee/epo_mcafee_virtual_technician
< 6.5.0.2101
mcafee/mcafee_virtual_technician
6.3.0.1911
mcafee/mcafee_virtual_technician
< 6.5.0.2101
Published
Mar 28, 2013
Tracked Since
Feb 18, 2026