CVE-2007-1538

high Trellix
CVSS v3 Base Score
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Score
0.2%
Exploitation probability in 30 days
Top 63% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P
Published: March 20, 2007 (6994 days ago)
Last Modified: April 23, 2026
Vendor: Trellix
Source: NVD

Description

McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion. NOTE: this issue has been disputed by third-party researchers, stating that the default permissions for HKEY_LOCAL_MACHINE\SOFTWARE does not allow for write access and the product does not modify the inherited permissions. There might be an interaction error with another product

CWE

NVD-CWE-Other

Affected Products

mcafee virusscan enterprise

References

🔗 homepage.mac.com 🔗 homepage.mac.com 🔗 www.osvdb.org 🔗 www.securityfocus.com 🔗 www.securityfocus.com