McAfee Virtual Technician ActiveX Control Insecure Method
08 April 2013
An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 126.96.36.1991 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method.
CVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)
Pearson VUE is part of Pearson, the world's largest learning company. Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs.
While SIEM still serves a valid purpose in the market, our teams were still missing alerts that led to significant data breaches. Enterprises were creating more data than ever before, hackers were getting smarter and making strategic hires in the security market was getting tougher.
Ivan Ristic is well-known in the information security world, and his name has become almost a synonym for SSL Labs. Before that, he was mostly known for his work with OWASP and the development of ModSecurity.