CVE-2006-5274
published 2007-07-12CVE-2006-5274: Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote…
PriorityP432high7.6CVSS 2.0
AVNACHAuNCCICAC
EPSS
4.99%
91.1th percentile
Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mcafee | cma | <= 3.6.0.574 | — |
| mcafee | common_management_agent | — | — |
| mcafee | epolicy_orchestrator | — | — |
| mcafee | epolicy_orchestrator | — | — |
| mcafee | protectionpilot | — | — |
| mcafee | protectionpilot | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j55f-jpf8-gg6v: FrameworkService
ghsa_unreviewed·2022-05-01·CVSS 7.6
CVE-2008-1855 [HIGH] GHSA-j55f-jpf8-gg6v: FrameworkService
FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274.
GHSA
GHSA-3gxp-2868-6qrc: Integer overflow in McAfee ePolicy Orchestrator 3
ghsa_unreviewed·2022-05-01
CVE-2006-5274 [HIGH] GHSA-3gxp-2868-6qrc: Integer overflow in McAfee ePolicy Orchestrator 3
Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/26029http://www.iss.net/threats/269.htmlhttp://www.osvdb.org/36101http://www.securityfocus.com/bid/24863http://www.securitytracker.com/id?1018363http://www.vupen.com/english/advisories/2007/2498https://exchange.xforce.ibmcloud.com/vulnerabilities/31165https://knowledge.mcafee.com/article/764/613367_f.SAL_Public.htmlhttp://secunia.com/advisories/26029http://www.iss.net/threats/269.htmlhttp://www.osvdb.org/36101http://www.securityfocus.com/bid/24863http://www.securitytracker.com/id?1018363http://www.vupen.com/english/advisories/2007/2498https://exchange.xforce.ibmcloud.com/vulnerabilities/31165https://knowledge.mcafee.com/article/764/613367_f.SAL_Public.html
2007-07-12
Published