Vigil@nce - McAfee Application Control: five vulnerabilities
September 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of McAfee Application
Control.
– Impacted products: McAfee Application Control.
– Severity: 2/4.
– Creation date: 28/07/2015.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in McAfee Application
Control.
An attacker can use scinject.dll to exploit a memory corruption,
in order to trigger a denial of service, and possibly to run code.
[severity:2/4]
An attacker can generate a buffer overflow in ZIP, in order to
trigger a denial of service, and possibly to run code.
[severity:2/4]
An attacker can trigger a fatal error with an IOCTL, in order to
trigger a denial of service. [severity:1/4]
An attacker can bypass security features in Application
Whitelisting, in order to escalate his privileges. [severity:2/4]
An attacker can bypass security features of the Read/Write
Protection, in order to escalate his privileges. [severity:1/4]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/McAfee-Application-Control-five-vulnerabilities-17515