Buffer Overflow Vulnerability in ePolicy Orchestrator by McAfee
CVE-2007-1498

Currently unrated

Key Information:

Vendor: Mcafee
Status: Protectionpilot; Epolicy Orchestrator
Vendor: CVE Published:; 16 March 2007

Summary

The SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in McAfee ePolicy Orchestrator's management console contains multiple stack-based buffer overflow vulnerabilities. These flaws occur due to insufficient input validation in functions ExportSiteList and VerifyPackageCatalog, which allows remote attackers to manipulate arguments passed to these functions. An attacker can exploit these vulnerabilities, including through unspecified vectors involving a swprintf function call, to execute arbitrary code on the affected system.

References

http://www.securityfocus.com/bid/22952

vdb-entryx_refsource_BID

http://securityreason.com/securityalert/2444

third-party-advisoryx_refsource_SREASON

http://www.vupen.com/english/advisories/2007/0931

vdb-entryx_refsource_VUPEN

EPSS Score

27% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 16, 2007
Vulnerability Reserved
Mar 16, 2007