CVE-2008-1357

Currently unrated

Key Information:

Vendor: Mcafee
Status: Mcafee Framework; Cma; Epolicy Orchestrator; Agent
Vendor: CVE Published:; 17 March 2008

Summary

Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.

References

http://securityreason.com/securityalert/3748

third-party-advisoryx_refsource_SREASON

https://knowledge.mcafee.com/article/234/615103_f.sal_pub...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/41178

vdb-entryx_refsource_XF

EPSS Score

77% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 17, 2008
Vulnerability Reserved
Mar 17, 2008