An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method.
https://www.htbridge.com/advisory/HTB23128
https://kc.mcafee.com/corporate/index?page=content&id=SB10040