Integer Overflow in McAfee ePolicy Orchestrator and ProtectionPilot
CVE-2006-5274

Currently unrated

Key Information:

Vendor: Mcafee
Status: Protectionpilot; Epolicy Orchestrator; Common Management Agent
Vendor: CVE Published:; 12 July 2007

Summary

An integer overflow vulnerability exists in McAfee's ePolicy Orchestrator and ProtectionPilot. This flaw affects versions 3.5 through 3.6.1 of ePolicy Orchestrator, and versions 1.1.1 and 1.5 of ProtectionPilot, as well as the Common Management Agent (CMA) version 3.5.5.438. Attackers can exploit this vulnerability by sending specially crafted input, resulting in a denial of service condition that crashes the CMA Framework service. Furthermore, there is a risk that attackers could potentially execute arbitrary code in the context of the vulnerable application, enabling them to gain unauthorized access and perform malicious activities.

References

http://www.osvdb.org/36101

vdb-entryx_refsource_OSVDB

http://www.vupen.com/english/advisories/2007/2498

vdb-entryx_refsource_VUPEN

http://www.securitytracker.com/id?1018363

vdb-entryx_refsource_SECTRACK

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 12, 2007
Vulnerability Reserved
Oct 13, 2006