Vulnerability Details : CVE-2012-4598
Public exploit exists!
An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site.
Vulnerability category: Execute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-4598
Probability of exploitation activity in the next 30 days: 94.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2012-4598
-
McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
Disclosure Date: 2012-04-30First seen: 2020-04-26exploit/windows/browser/mcafee_mvt_execThis module exploits a vulnerability found in McAfee Virtual Technician's MVTControl. This ActiveX control can be abused by using the GetObject() function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the c
CVSS scores for CVE-2012-4598
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2012-4598
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10028
Vendor Advisory
Products affected by CVE-2012-4598
- cpe:2.3:a:mcafee:mcafee_virtual_technician:*:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:epo_mcafee_virtual_technician:*:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:epo_mcafee_virtual_technician:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:epo_mcafee_virtual_technician:1.0.4.0:*:*:*:*:*:*:*