CVE-2000-0650

The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.

Published: Jul 11, 2000
Updated: Apr 13, 2023
CVE: CVE-2000-0650
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
network_associates / virusscan	4.5	4.5.x
network_associates / netshield	4.5	4.5.x

http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=2753
http://www.osvdb.org/1458
http://www.osvdb.org/4200
http://www.securityfocus.com/bid/1458
https://exchange.xforce.ibmcloud.com/vulnerabilities/5177

Vulnerability Database

289,697

CVE-2000-0650