A flaw in McAfee Internet Security Suite 2005 could let employees sharing the same computer break into one another"s files, according to security consultant iDefense.
The vulnerability, which exists in the default settings applied during installation, gives anyone the same access rights on a PC as an IT administrator. That, in effect, would let someone remove any restricted access specified on a PC, according to a report released by iDefense on Monday. It could also let an employee install software prohibited by his employer.
An employee who shares a computer with co-workers, for example, could then access colleagues" files or install programs such as peer-to-peer software on the machine. Home users are unlikely to be affected by this flaw because they generally do not assign user restrictions on their PCs, said Michael Sutton, iDefense Labs director.