Vulnerability Details : CVE-2012-4598
Public exploit exists!
An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site.
Vulnerability category: Execute codeDenial of service
Products affected by CVE-2012-4598
- cpe:2.3:a:mcafee:mcafee_virtual_technician:*:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:epo_mcafee_virtual_technician:*:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:epo_mcafee_virtual_technician:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:epo_mcafee_virtual_technician:1.0.4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-4598
70.69%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2012-4598
-
McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
Disclosure Date: 2012-04-30First seen: 2020-04-26exploit/windows/browser/mcafee_mvt_execThis module exploits a vulnerability found in McAfee Virtual Technician's MVTControl. This ActiveX control can be abused by using the GetObject() function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the c
CVSS scores for CVE-2012-4598
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2012-4598
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10028
Vendor Advisory
Jump to