McAfee has issued a patch for multiple security vulnerabilities in an ActiveX control that ships with its ePolicy Orchestrator and ProtectionPilot software.
In an advisory released Tuesday, McAfee said a successful attack would require reverse engineering of ePO, as well as the creation of a malicious Web page and cooperation from an ePO user. If successful, the attacker would be able to trigger a buffer overflow and corrupt process memory, paving the way for remote code execution with the privileges of the user.
ePolicy Orchestrator security management software provides a central console for managing McAfee enterprise security software. ProtectionPilot software automates updating for McAfee antivirus and antispyware software on networked PCs.
Vulnerable products include McAfee ePolicy Orchestrator 3.5 patch 6, 3.5.0, 3.6.0 and 3.6.1, as well as McAfee ProtectionPilot 1.1.1 patch 3 and 1.5.0. McAfee pushed the update to its Service Portal servers and made it available for download on Feb. 21.
McAfee rated the severity of the flaw as "medium," but security firm Secunia gave the vulnerability its second-highest rating of "highly critical." Symantec DeepSight rated the flaw's severity at 8.3 on a 10-point scale.
