McAfee Virtual Technician ActiveX Control Insecure Method
08 April 2013
An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 18.104.22.1681 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method.
CVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)
The IRS has revealed more details about an attack it suffered last month, mounted by unknown individuals with the aim to file fraudulent tax returns and funnel the returned money to their own bank accounts.