CVE-2000-0650

The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/1458	Patch Vendor Advisory
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=2753	Patch Vendor Advisory
http://www.osvdb.org/1458
http://www.osvdb.org/4200
https://exchange.xforce.ibmcloud.com/vulnerabilities/5177

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:network_associates:netshield:4.5:::::::*
	cpe:2.3:a:network_associates:virusscan:4.5::windows_nt:::::

Information

Published : 2000-07-10 21:00

Updated : 2017-10-09 18:29

NVD link : CVE-2000-0650

Mitre link : CVE-2000-0650

JSON object : View

CWE

NVD-CWE-Other

Products Affected

network_associates

virusscan
netshield

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/1458", "name": "1458", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=2753", "name": "20000711 Potential Vulnerability in McAfee Netshield and VirusScan 4.5", "tags": ["Patch", "Vendor Advisory"], "refsource": "NTBUGTRAQ"}, {"url": "http://www.osvdb.org/1458", "name": "1458", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/4200", "name": "4200", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5177", "name": "nai-virusscan-netshield-autoupgrade(5177)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2000-0650", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2000-07-11T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:network_associates:netshield:4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:network_associates:virusscan:4.5:*:windows_nt:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-10T01:29Z"}

2.1 /10