SuperScan response to Cross Site Scripting (XSS) vulnerability CVE-2013-4884

Technical Articles ID: KB78992
Last Modified: 5/11/2017

Environment

McAfee SuperScan 4.0

Summary

SuperScan is a free McAfee tool used by customers to quickly scan their networks for system level information. It is possible to inject a Cross Site Script (XSS) payload into the SuperScan HTML report, based on the response from the host.

The precondition to successfully exploit this vulnerability is that the attacker must already have a compromised server executing on the scan target network. Therefore, this XSS attack does not give the attacker further privilege escalation or similar advantage. The attack is against the browser when reading a SuperScan report in an HTML browser.

This update resolves the vulnerability, whereby the attacker can no longer submit code within the data channel to the HTML report output.

CVE-2013-4884
Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4884

Solution

All of these issues are resolved in SuperScan 4.1, which was released to the McAfee Downloads site on July 31, 2013.

Patch Name	Type	File Name	Status
SuperScan 4.1	Standalone EXE	SuperScan4.1.exe	Released on 7/31/2013

SuperScan download Instructions.

Launch Internet Explorer.
Navigate to: http://www.mcafee.com/us/downloads/free-tools/superscan.aspx.
Click the link download this tool now to download the product .ZIP file.

For instructions on how to download McAfee products, documentation, security updates, patches, or hotfixes, see: KB56057.

For instructions on how to install/upgrade this new version of SuperScan, review the Release Notes and the Installation Guide (which can be downloaded from the Documentation tab) following the same steps above.

Workaround

If using a vulnerable version of SuperScan, users are advised to scan only trusted hosts on protected networks. Further, users should be cautious of a URL or other unexpected HTML in a scan report. Do not click on unknown URLs.

Related Information

McAfee credits Piotr Duszynski from Trustwave for reporting this flaw.

Frequently Asked Questions (FAQs)
For more information on the CVSS scoring for this issue, see http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N/E:F/RL:O/RC:C).

What is affected by this security vulnerability?
McAfee SuperScan 4.0 and earlier.

Affected versions:

McAfee SuperScan 4.0

Protected versions:

McAfee SuperScan 4.1 (or later)

McAfee recommends that all customers verify that they have applied the latest updates.

What issues do this hotfix / patch address?
This update resolves the vulnerability where an attacker can inject a XSS payload into the SuperScan HTML report.

Does this vulnerability affect McAfee enterprise products?
No, SuperScan 4.0 is a free network scanning product.

How do I know if my SuperScan is vulnerable or not?
Right-click on the SuperScan.exe icon, and click Properties, Details. You can now see the product version.

Affected Products

Known Issue/Product Defect

Glossary of Technical Terms

Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.

Knowledge Center

SuperScan response to Cross Site Scripting (XSS) vulnerability CVE-2013-4884

Environment

Summary

Solution

Workaround

Related Information

Affected Products

Glossary of Technical Terms

Title

Title

Knowledge Center

SuperScan response to Cross Site Scripting (XSS) vulnerability CVE-2013-4884

Environment

Summary

Solution

Workaround

Related Information

Affected Products

Glossary of Technical Terms

Choose your region

Title

Title