Vulnerabilities > CVE-2007-1498 - Remote Buffer Overflow vulnerability in Mcafee Epolicy Orchestrator and Protectionpilot
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Nessus
| NASL family | Windows |
| NASL id | EPOLICY_ORCHESTRATOR_SITEMANAGER_ACTIVEX.NASL |
| description | The version of the SiteManager ActiveX control included with McAfee ePolicy Orchestrator or ProtectionPilot and installed on the remote host reportedly contains several buffer overflows. If an attacker can trick a user on the affected host into visiting a specially crafted web page, this issue could be leveraged to execute arbitrary code on the host subject to the user |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 24814 |
| published | 2007-03-15 |
| reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/24814 |
| title | ePolicy Orchestrator SiteManager ActiveX Control Multiple Buffer Overflows |
Saint
bid 22952 description McAfee ePolicy Orchestrator SiteManager ExportSiteList buffer overflow id web_tool_epolicysmax osvdb 33796 title epo_sitemanager_exportsitelist type client bid 22952 description McAfee ePolicy Orchestrator SiteManager ActiveX buffer overflow id web_tool_epolicysmax osvdb 33796 title epo_sitemanager_verifypackagecatalog type client
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052960.html
- http://secunia.com/advisories/24466
- http://securityreason.com/securityalert/2444
- http://www.kb.cert.org/vuls/id/714593
- http://www.securityfocus.com/bid/22952
- http://www.securitytracker.com/id?1017757
- http://www.vupen.com/english/advisories/2007/0931
- https://knowledge.mcafee.com/article/25/612495_f.SAL_Public.html
- https://knowledge.mcafee.com/article/26/612496_f.SAL_Public.html