Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

HTTP:STC:ACTIVEX:MCAFEE-VT

Severity

Major

Recommended

No

Recommended Action

Drop

Category

HTTP

Keywords

McAfee Virtual Technician ActiveX Control Command Injection

Release Date

2012/05/07

Update Number

2130

Supported Platforms

di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: McAfee Virtual Technician ActiveX Control Command Injection


This signature detects attempts to use unsafe ActiveX controls against McAfee Virtual Technician. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

McAfee Virtual Technician ActiveX control ('MVT.dll') is prone to a vulnerability caused by an insecure method. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application (typically Internet Explorer) that uses the ActiveX control. McAfee Virtual Technician 6.3.0.1911 is vulnerable; other versions may also be affected.

Affected Products

  • Mcafee epo-mvt 1.0.7
  • Mcafee virtual_technician 6.3.0.1911

References

  • BugTraq: 53304
  • BugTraq: 58750
  • CVE: CVE-2012-5879

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out