Buffer Overflow in McAfee ePolicy Orchestrator and ProtectionPilot
CVE-2006-5156

Currently unrated

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator; Protectionpilot
Vendor: CVE Published:; 5 October 2006

Summary

A buffer overflow vulnerability exists in McAfee ePolicy Orchestrator versions prior to 3.5.0.720 and ProtectionPilot versions prior to 1.1.1.126. This flaw allows remote attackers to exploit the system by sending a specially crafted request to the /spipe/pkg/ endpoint, which includes an excessively long source header. Successful exploitation may lead to the execution of arbitrary code on the affected system, compromising its integrity and security.

References

http://www.remote-exploit.org/advisories/mcafee-epo.pdf

x_refsource_MISC

http://securitytracker.com/id?1016970

vdb-entryx_refsource_SECTRACK

http://securitytracker.com/id?1016971

vdb-entryx_refsource_SECTRACK

EPSS Score

74% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 5, 2006
Vulnerability Reserved
Oct 3, 2006