McAfee Virtual Technician MVT.MVTControl ActiveX Control Insecure Method

Added: 05/04/2012
BID: 53304

Background

McAfee Virtual Technician is a free automated diagnosis and and problem resolution tool which scans a Windows system to ensure that McAfee products are installed correctly.

Problem

McAfee Virtual Technician ActiveX control (MVT.dll), as provided in McAfee Virtual Technician 6.3.0.1911 (and perhaps other versions), is vulnerable to remote code execution caused by an insecure GetObject method.

Resolution

Contact the vendor to determine when the product has been patched. In the interim, the MVT.MVTControl ActiveX control in MVT.dll can be disabled by following Microsoft's instructions at http://support.microsoft.com/kb/240797 to disable clsid:2EBE1406-BE0E-44E6-AE10-247A0C5AEDCF.

References

http://retrogod.altervista.org/9sg_mcafee_vt_adv.htm

Limitations

This exploit has been tested against McAfee Virtual Technician 6.3.0.1911 on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).

The exploit page must be opened using Internet Explorer 8 or 9 on the target.

Platforms

Windows

Back to exploit index