McAfee Virtual Technician ActiveX Control Insecure Method
08 April 2013
An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 184.108.40.2061 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method.
CVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)
You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.