SSD Advisory – McAfee Security Scan Plus Remote Command Execution
The following advisory describes a Remote Command Execution found in McAfee Security Scan Plus version 3.11.587.1
McAfee Security Scan Plus is “a free diagnostic tool that ensures you are protected from threats by actively checking your computer for up-to-date anti-virus, firewall, and web security software. It also scans for threats in any open programs.”
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
A Security Bulletin, TS102723, was published for the vulnerability, available here:
An active network attacker can achieve remote code execution on a machine that runs McAfee Security Scan Plus
When the scan is complete, McAfee Security Scan Plus POST data to liteapps.mcafee.com over plaintext HTTP channel.
A man-in-the-middle attack can modify the response, by add
<script> window.external.LaunchApplication("c:\\windows\\system32\\calc.exe", ""); </script>