News

Reviews

Research

NEW ON CHANNELWEB

Everything Channel Launches Comdex Virtual

2010 Channel Chiefs

100 Coolest Cloud Computing Companies

25 Thought Leaders

20 To Watch

Products of the Year

State of The Market 2010

Top 100 Executives

FUDWatch Blog

FEATURED VIDEO

SLIDE SHOWS

10 Cloud Computing Channel Programs You Need To Know Now

We look at partner programs from 10 cloud vendors that will arm partners with the tools, support and revenue to be successful in cloud computing.

10 Apple Acquisitions That Made Their Mark

Apple doesn't often buy companies, and it's almost always tight lipped about how they'll fit into its strategy.

A First Look: FileMaker Pro 11

FileMaker Pro 11 has arrived, and we had a chance to try out some of the new features.

INSIDE CHANNELWEB

Emerging Vendors Blog

Emerging Vendors Report

Fast Growth 100

Demand Generation Services

Partner Programs Guide

Products of the Year

Site Map

State of Technology

State of The Market 2010

Tech Books Online

Tech Innovator Top Products

Top 100 Executives

VAR 500

Vendor Content Community

Vendor Stimulus Directory

Women of the Channel

White Paper Library

McAfee Patches ActiveX Flaw In ePO Software

By Kevin McLaughlin, ChannelWeb

3:18 PM EDT Wed. Mar. 14, 2007

McAfee has issued a patch for multiple security vulnerabilities in an ActiveX control that ships with its ePolicy Orchestrator and ProtectionPilot software.

In an advisory released Tuesday, McAfee said a successful attack would require reverse engineering of ePO, as well as the creation of a malicious Web page and cooperation from an ePO user. If successful, the attacker would be able to trigger a buffer overflow and corrupt process memory, paving the way for remote code execution with the privileges of the user.

EPolicy Orchestrator security management software provides a central console for managing McAfee enterprise security software. ProtectionPilot software automates updating for McAfee antivirus and antispyware software on networked PCs.

Vulnerable products include McAfee ePolicy Orchestrator 3.5 patch 6, 3.5.0, 3.6.0 and 3.6.1, as well as McAfee ProtectionPilot 1.1.1 patch 3 and 1.5.0. McAfee pushed the update to its Service Portal servers and made it available for download on Feb. 21.

McAfee rated the severity of the flaw as "medium," but security firm Secunia gave the vulnerability its second-higherst rating of "highly critical." Symantec Deepsight rated the flaw's severity at 8.3 on a 10-point scale.

Share: Digg Del.icio.us Facebook LinkedIn Twitter
More Security | Email this article | Print this article | Reprints

FEATURED PROMOTIONS

30% off Virtualization Manager 2010 Corporate
Save 30% on Paragon Software Virtualization Manager 2010 Corporate. Our response to the typical problems of every modern comp...

Endian UTM Empowering VARS
Endian empowers VARs with Partners Rock! Channel Program.

>>More Security Promotions

LATEST NEWS >>

Apple Patent Creates iPhone Social Networking

March 19, 2010 05:29 PM

VentureTech VARs Give Helping Hand To Women's Shelter

March 19, 2010 03:56 PM

Cloud SLAs Add New Level Of 'Confidence'

March 19, 2010 03:01 PM

Tandberg Adds To Desktop Telepresence Portfolio With EX90

March 19, 2010 02:51 PM

IBM Enlists 200 Channel Partners For Its LotusLive Cloud Services

March 19, 2010 02:10 PM

>>More News

RELATED BLOG >>

Emerging Vendors

Delfigo Asks Who's Who

Delfigo's flagship DS Gateway touts a zero-footprint installation with its cloud architecture, eliminating the need for flash downloads and hardware tokens.

RELATED NETSEMINARS >>

Transition to the Cloud

Put the Managed Services Pedal to the Metal

Managed Security Services: What Are You Waiting For?

>>More Netseminars

WHITEPAPERS >>

New Threat Reality

Attacks with Virtualization

>>More White Papers

CHANNEL SERVICES >>