ID CVE-2006-5156
Summary Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.
References
Vulnerable Configurations
  • cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:sp2a:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:sp2a:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:3.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:epolicy_orchestrator:3.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:protectionpilot:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:protectionpilot:1.1.1:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 20288
cert-vn VU#842452
confirm
fulldisc 20061002 McAfee EPO Buffer Overflow
misc http://www.remote-exploit.org/advisories/mcafee-epo.pdf
osvdb 29421
sectrack
  • 1016970
  • 1016971
secunia 22222
vupen ADV-2006-3861
xf epolicy-source-header-bo(29307)
saint via4
bid 20288
description McAfee HTTP header processing buffer overflow
id web_tool_mcafeehttpheader,web_tool_epolicyver,web_tool_protectionpilotver
osvdb 29421
title mcafee_http_header_bo
type remote
Last major update 20-07-2017 - 01:33
Published 05-10-2006 - 04:04
Last modified 20-07-2017 - 01:33
Back to Top