McAfee Security Suite Insecure
Two widely used enterprise-grade applications, McAfee Internet Security Suite 2005 and RealPlayer Enterprise, have been hit by security flaws.
Source: TechWorldCorporate McAfee installations have a bug that could allow malicious users to bypass security restrictions or disable the McAfee software, while the RealPlayer flaw could enable a remote attacker to take over a system.
While McAfee's Security Suite is available for both business and home use, the flaw affects security restrictions, which are mainly used on business desktops to limit users' authority to install programs or carry out other privileged operations. Affected versions of McAfee could allow any user to execute malicious programs with the privileges of a system administrator, said iDefense, which disclosed the flaw this week.
The problem is with the file Access Control List (ACL) settings applied by default during installation. The settings allow non-administrator users to modify the installed files, iDefense said. "Because of the fact that some of the programs run as system services, a non-Administrator user can simply replace an installed McAfee Internet Security Suite 2005 file with their own malicious code that will later be executed with system privileges," the company said in an advisory.
0