ID CVE-2007-1498
Summary Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call.
References
Vulnerable Configurations
  • cpe:2.3:a:mcafee:epolicy_orchestrator:3.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:3.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:epolicy_orchestrator:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:protectionpilot:1.1.1:p3:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:protectionpilot:1.5.0:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 08-03-2011 - 02:52)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 22952
cert-vn VU#714593
confirm
fulldisc 20070314 [Advisory]McAfee ePolicy Orchestrator Multiple Remote Buffer Overflow Vulnerabilities
sectrack 1017757
secunia 24466
sreason 2444
vupen ADV-2007-0931
saint via4
  • bid 22952
    description McAfee ePolicy Orchestrator SiteManager ActiveX buffer overflow
    id web_tool_epolicysmax
    osvdb 33796
    title epo_sitemanager_verifypackagecatalog
    type client
  • bid 22952
    description McAfee ePolicy Orchestrator SiteManager ExportSiteList buffer overflow
    id web_tool_epolicysmax
    osvdb 33796
    title epo_sitemanager_exportsitelist
    type client
Last major update 08-03-2011 - 02:52
Published 16-03-2007 - 22:19
Last modified 08-03-2011 - 02:52