[FD] SSD Advisory – McAfee Security Scan Plus Remote Command Execution

SSD Advisory – McAfee Security Scan Plus Remote Command Execution Full report: http://ift.tt/2v8lYZo Twitter: @SecuriTeam_SSD *Vulnerability Summary* The following advisory describes a Remote Code Execution found in McAfee Security Scan Plus. An active network attacker could launch a man-in-the-middle attack on a plaintext-HTTP response to a client to run any residing executables with privileges of a logged in user. McAfee Security Scan Plus is a free diagnostic tool that ensures you are protected from threats by actively checking your computer for up-to-date anti-virus, firewall, and web security software. It also scans for threats in any open programs. *Credit* An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program *Vendor response* The vendor has released patches to address this vulnerability. For more information: http://ift.tt/2wdkzxD CVE: CVE-2017-3897

Source: Gmail -> IFTTT-> Blogger

from Blogger http://ift.tt/2tQIOk4
via IFTTT

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s