Unquoted Windows Search Path Privilege Escalation Vulnerability in McAfee VirusScan Enterprise 8.0i and CMA 3.5

Unquoted Windows Search Path Privilege Escalation Vulnerability in McAfee VirusScan Enterprise 8.0i and CMA 3.5

CVE-2005-4505 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path.

Learn more about our User Device Pen Test.