HSC Research Group -
Written by Hackers Center
Monday, 03 December 2007 11:05
[HSC] McAfee SecurityCenter Privacy Service HTML Execution Vulnerability
McAfee provides a proactive PC and Internet security service that helps you avoid
online attacks and protects what you value from hackers, identity thieves and other
A HTML execution vulnerability may allow an attacker to execute HTML scripts on
the system under the context of the user. These scripts can perform any action that the
user would. The flaw lies in the processing of filtering that is saved after exiting.
Hackers Center Security Group (http://www.hackerscenter.com)
Class: Input Validation Error
Product: McAfee SecurityCenter
Version: McAfee Privacy Service 188.8.131.52
Exploit: An exploit is not required.
An attacker may attack this issue to execute code in the context of the affected software, and distribute this code across Privacy Service infrastructure. Also making a patch that works
with this hole will allow attackers to use this hole as platform for other attacks.
After turning your software into a web browser, you can inject
this website http://www.crashie.com/ and it will crash McAfee Privacy Service.
One can also use an Internet Explorer exploit to crash the McAfee Application.
Paste your slogan to see if software is vul to this attack.
Proof of Concept:
Only becoming a Ethical Hacker, you can stop Black Hat Hackers. Learn with out
having to pay thousands!- http://kit.hackerscenter.com - The most comprehensive
security pack you will ever find on the net!