SSD Advisory – McAfee Security Scan Plus Remote Command Execution Full report: http://ift.tt/2v8lYZo Twitter: @SecuriTeam_SSD *Vulnerability Summary* The following advisory describes a Remote Code Execution found in McAfee Security Scan Plus. An active network attacker could launch a man-in-the-middle attack on a plaintext-HTTP response to a client to run any residing executables with privileges of a logged in user. McAfee Security Scan Plus is a free diagnostic tool that ensures you are protected from threats by actively checking your computer for up-to-date anti-virus, firewall, and web security software. It also scans for threats in any open programs. *Credit* An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program *Vendor response* The vendor has released patches to address this vulnerability. For more information: http://ift.tt/2wdkzxD CVE: CVE-2017-3897
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment