CVE-2006-3623

Currently unrated

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator Agent
Vendor: CVE Published:; 18 July 2006

Summary

Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request.

References

http://www.eeye.com/html/research/advisories/AD20060713.html

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/27738

vdb-entryx_refsource_XF

http://secunia.com/advisories/21037

third-party-advisoryx_refsource_SECUNIA

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 18, 2006
Vulnerability Reserved
Jul 14, 2006