You are here

T-688: McAfee Security Bulletin - McAfee SaaS Endpoint Protection update fixes multiple ActiveX issues

August 9, 2011 - 4:05am

Addthis

PROBLEM:

Two vulnerabilities were reported in McAfee Security-as-a-Service (SaaS) Endpoint Protection. A remote user can cause arbitrary code to be executed on the target user's system.

PLATFORM:

Endpoint Protection 5.2.1 and prior versions

ABSTRACT:

McAfee Security Bulletin - McAfee SaaS Endpoint Protection update fixes multiple ActiveX issues.

reference LINKS:

Security Bulletins ID: SB10016
SecurityTracker Alert ID: 1025890
Secunia Advisory: SA45506
Security Updates
Vulnerability Report
Technical Support

IMPACT ASSESSMENT:

High

Discussion:

Two vulnerabilities have been reported in McAfee SaaS Endpoint Protection, which can be exploited by malicious people to compromise a user's system.
1) An error within the MyASUtil ActiveX control (MyAsUtil5.2.0.603.dll) when processing the "CreateSecureObject()" method can be exploited to inject and execute arbitrary commands.(ZDI-CAN-1104)
2) The insecure "Start()" method within the MyCioScan ActiveX control (myCIOScn.dll) can be exploited to write to arbitrary files in the context of the currently logged-on user.(ZDI-CAN-1105)

Impact:

These issues both require a target to click on an attacker supplied link or open an attacker supplied file. Both have ActiveX protections that limit where the origination of the request could come from, meaning that an attacker needs to perform a separate attack (known as a XSS) for either of these attacks to work. A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
MyASUtil: TPTI-11-12
MyCioScan: TPTI-11-13

Solution:

The vendor has issued a fix (Endpoint Protection 5.2.2).
Security Updates
McAfee Downloads

Addthis