Lucene search

MitreCVE-2007-1227

HistoryMar 02, 2007 - 10:19 p.m.

CVE-2007-1227

2007-03-0222:19:00

CWE-264

mitre

web.nvd.nist.gov

mcafee

virusscan

mac

virex

vulnerability

symlink

nvd

cve-2007-1227

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

Percentile

0.4%

JSON

VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands.

Affected configurations

Nvd

Node

mcafeevirexRange≤7.7-mac

mcafeevirexMatch6.2-mac

VendorProductVersionCPE
mcafeevirex*cpe:2.3:a:mcafee:virex:*:-:mac:*:*:*:*:*
mcafeevirex6.2cpe:2.3:a:mcafee:virex:6.2:-:mac:*:*:*:*:*

Vendor	Product	Version	CPE
mcafee	virex	*	cpe:2.3:a:mcafee:virex::-:mac:::::
mcafee	virex	6.2	cpe:2.3:a:mcafee:virex:6.2:-:mac:::::*

References

osvdb.org/33797

secunia.com/advisories/24337

securityreason.com/securityalert/2342

www.securityfocus.com/archive/1/461485/100/0/threaded

www.securityfocus.com/bid/22744

www.securitytracker.com/id?1017707

www.vupen.com/english/advisories/2007/0777

exchange.xforce.ibmcloud.com/vulnerabilities/32729

knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=518722&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=518722

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

Percentile

0.4%

JSON

Related for CVE-2007-1227