Unquoted ImagePath Vulnerability in McAfee VirusScan 4.5

Unquoted ImagePath Vulnerability in McAfee VirusScan 4.5

CVE-2000-1128 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory.

Learn more about our User Device Pen Test.