Format String Vulnerability in McAfee Common Management Agent
CVE-2008-1357

Currently unrated

Key Information:

Vendor: Mcafee
Status: Mcafee Framework; Cma; Epolicy Orchestrator; Agent
Vendor: CVE Published:; 17 March 2008

Summary

A format string vulnerability exists in the logDetail function of applib.dll in McAfee's Common Management Agent. This issue affects versions 3.6.0.574 (Patch 3) and earlier, including ePolicy Orchestrator 4.0.0 build 1015. Remote attackers can exploit this vulnerability by sending specially crafted messages with format string specifiers in a sender field through an AgentWakeup request to UDP port 8082. The vulnerability only manifests when the debug level is set to 8, leading to potential denial of service or arbitrary code execution.

References

http://securityreason.com/securityalert/3748

third-party-advisoryx_refsource_SREASON

https://knowledge.mcafee.com/article/234/615103_f.sal_pub...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/41178

vdb-entryx_refsource_XF

EPSS Score

30% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 17, 2008
Vulnerability Reserved
Mar 17, 2008