HTTP: McAfee FreeScan Unsafe ActiveX Control

This signature detects attempts to exploit a known vulnerability against McAfee FreeScan software running inside a Web browser. Attackers can gather important information, such as the current user or the full path to sensitive directories, from a remote client.

Extended Description

Symantec Norton AntiVirus is prone to a remote code execution vulnerability. This issue presents itself in an ActiveX control used by the application and could allow an attacker to execute arbitrary executables, launch URI pop-up windows, and carry out denial of service attacks against the antivirus application. Norton AntiVirus 2004 is prone to this vulnerability.

Affected Products

Symantec norton_antivirus_2004

Short Name
HTTP:STC:ACTIVEX:MCAFEE-FREESCN
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
ActiveX CVE-2004-1908 Control FreeScan McAfee Unsafe bid:10392
Release Date
04/14/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3724
False Positive
Unknown
Vendors

Symantec

CVSS Score

5.0

Found a potential security threat?