---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ ---------------------------------------------------------------------- TITLE: McAfee ePolicy Orchestrator / ProtectionPilot ActiveX Control Buffer Overflows SECUNIA ADVISORY ID: SA24466 VERIFY ADVISORY: http://secunia.com/advisories/24466/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: McAfee ePolicy Orchestrator 3.x http://secunia.com/product/1943/ McAfee ProtectionPilot 1.x http://secunia.com/product/5538/ DESCRIPTION: cocoruder has reported some vulnerabilities in McAfee ePolicy Orchestrator and ProtectionPilot, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to boundary errors within the SITEMANAGER.DLL ActiveX Control when processing arguments passed to the "ExportSiteList()" and "VerifyPackageCatalog()" methods. These can be exploited to cause stack-based buffer overflows via an overly long string passed as argument to the affected methods. Successful exploitation allows execution of arbitrary code. The vulnerabilities affect the following products: * McAfee ePolicy Orchestrator 3.5.0 (Patch 5 and earlier) * McAfee ePolicy Orchestrator 3.6.0 (Patch 5 earlier) * McAfee ePolicy Orchestrator 3.6.1 * McAfee ProtectionPilot 1.1.1 (Patch 3 and earlier) * McAfee ProtectionPilot 1.5.0 SOLUTION: Apply hotfix/patch. https://mysupport.mcafee.com/eservice_enu/start.swe McAfee ePolicy Orchestrator 3.5.0 (Patch 7 and earlier): Apply hotfix EPO350HF323550. McAfee ePolicy Orchestrator 3.6.0 (Patch 5 earlier): Apply hotfix EPO360HF323553. McAfee ePolicy Orchestrator 3.6.1: Apply Patch 1. McAfee ProtectionPilot 1.1.1 (Patch 3 and earlier): Apply hotfix PRP111HF323555. McAfee ProtectionPilot 1.5.0: Apply hotfix PRP150HF323558. PROVIDED AND/OR DISCOVERED BY: cocoruder, Fortinet Security Research Team. ORIGINAL ADVISORY: Full Disclosure: http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052960.html McAfee: https://knowledge.mcafee.com/article/25/612495_f.SAL_Public.html https://knowledge.mcafee.com/article/26/612496_f.SAL_Public.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------