Integer Overflow in McAfee ePolicy Orchestrator and ProtectionPilot
CVE-2006-5274

Currently unrated

Key Information:

Vendor

Mcafee
Status
Protectionpilot
Epolicy Orchestrator
Common Management Agent
Vendor
CVE Published:
12 July 2007

What is CVE-2006-5274?

An integer overflow vulnerability exists in McAfee's ePolicy Orchestrator and ProtectionPilot. This flaw affects versions 3.5 through 3.6.1 of ePolicy Orchestrator, and versions 1.1.1 and 1.5 of ProtectionPilot, as well as the Common Management Agent (CMA) version 3.5.5.438. Attackers can exploit this vulnerability by sending specially crafted input, resulting in a denial of service condition that crashes the CMA Framework service. Furthermore, there is a risk that attackers could potentially execute arbitrary code in the context of the vulnerable application, enabling them to gain unauthorized access and perform malicious activities.

References

http://www.osvdb.org/36101
vdb-entryx_refsource_OSVDB
http://www.vupen.com/english/advisories/2007/2498
vdb-entryx_refsource_VUPEN
http://www.securitytracker.com/id?1018363
vdb-entryx_refsource_SECTRACK

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.