Apr 19, 2007

[Security] McAfee VirusScan On-Access Scanner Vulnerability

iDefense has released a report about a vulnerability in McAfee VirusScan. This vulnerability manifests itself when the On-Access Scanner component scans a file with a long file name that contains multibyte characters, and only on computers with East Asia language files installed, and the Unicode default codepage is set to multibyte language character set.

When the vulnerability is succesfully exploited, the On-Access Scanner component of the app is disabled or remote code execution happens.

This vulnerability is hard to exploit, as there are lots of conditions that must be fulfilled:

1. The file must have a long file name
2. The file name contains multibyte characters
3. East Asia language files must be installed on the target computer and Unicode codepage is set to multibyte character language
4. The attacker must be able to place the file in the target computer (as an attachment to an email message, probably, but the user has to save the attachment first)
5. The file must be opened or the user hovers the mouse over the file

There is no workaround for this vulnerability, so McAfee VirusScan users are advised to install Patch15. View the McAfee Security Bulletin.

(Cross posted from here.)

No comments:

Post a Comment