ID CVE-2008-1855
Summary FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274.
References
Vulnerable Configurations
  • cpe:2.3:a:mcafee:cma:*:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:cma:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-09-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 28573
confirm https://knowledge.mcafee.com/article/219/615324_f.SAL_Public.html
exploit-db 5343
misc http://www.offensive-security.com/0day/mcafee_again.py.txt
sectrack 1019794
secunia 29637
vupen ADV-2008-1122
xf mcafee-cma-frameworkservice-dos(41597)
Last major update 29-09-2017 - 01:30
Published 16-04-2008 - 19:05
Back to Top