[HSC] McAfee SecurityCenter Privacy Service HTML Execution Vulnerability=0D
=0D
=0D
McAfee provides a proactive PC and Internet security service that helps you avoid =0D
online attacks and protects what you value from hackers, identity thieves and other =0D
online criminals. =0D
=0D
A HTML execution vulnerability may allow an attacker to execute HTML scripts on =0D
the system under the context of the user. These scripts can perform any action that the =0D
user would. The flaw lies in the processing of filtering that is saved after exiting.=0D
=0D
=0D
=0D
Hackers Center Security Group (http://www.hackerscenter.com)=0D 
Credit: DoZ=0D
=0D
=0D
Risk: Medium=0D
Class: Input Validation Error=0D
Local: Yes=0D
=0D
Vendor: http://us.mcafee.com/=0D 
Product: McAfee SecurityCenter=0D
Version: McAfee Privacy Service 8.1.0.136=0D
=0D
Exploit: An exploit is not required.=0D
=0D
An attacker may attack this issue to execute code in the context of the affected software, and distribute this code across Privacy Service infrastructure. Also making a patch that works=0D
with this hole will allow attackers to use this hole as platform for other attacks.=0D
=0D
=0D
=0D
Examples: =0D
=0D
1.=0D
After turning your software into a web browser, you can inject=0D
this website http://www.crashie.com/ and it will crash McAfee Privacy Service.=0D 
One can also use an Internet Explorer exploit to crash the McAfee Application.=0D
=0D
=0D
=0D
2.=0D
Paste your slogan to see if software is vul to this attack.=0D
=0D
Hello!
=0D
=0D
=0D
=0D
Proof of Concept:=0D
=0D
http://www.hackerscenter.com/public/images/1.jpg=0D 
http://www.hackerscenter.com/public/images/2.jpg=0D 
http://www.hackerscenter.com/public/images/3.jpg=0D 
=0D
=0D
=0D
Only becoming a Ethical Hacker, you can stop Black Hat Hackers. Learn with out =0D
having to pay thousands!- http://kit.hackerscenter.com - The most comprehensive =0D 
security pack you will ever find on the net!