Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
McAfee SaaS Endpoint Protection ActiveX Controls Multiple Code Execution Vulnerabilities
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This host is installed with McAfee SaaS Endpoint Protection and is prone to multiple code execution vulnerabilities.
Insight
Insight
- An error within the MyASUtil ActiveX control (MyAsUtil5.2.0.603.dll) when processing the 'CreateSecureObject()' method can be exploited to inject and execute arbitrary commands. - The insecure 'Start()' method within the MyCioScan ActiveX control (myCIOScn.dll) can be exploited to write to arbitrary files in the context of the currently logged-on user.
Affected Software
Affected Software
McAfee SaaS Endpoint Protection version 5.2.1 and prior.
Solution
Solution
Upgrade to McAfee SaaS Endpoint Protection version 5.2.2 or later.