CVE-2007-1498 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Epolicy Orchestrator

3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

28.1%

top 3.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Epolicy Orchestrator Mcafee Protectionpilot

Timeline

PublishedMar 16

Latest updateMay 1

Description

Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmcafee/epolicy_orchestrator3.5.0, 3.6.0, 3.6.1+2

▶NVDmcafee/protectionpilot1.1.1, 1.5.0+1

Patches

Patch: lists.grok.org.uk ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mx58-923r-ch2q: Multiple stack-based buffer overflows in the SiteManager↗2022-05-01

▶

CVEList

CVE-2007-1498: Multiple stack-based buffer overflows in the SiteManager↗2007-03-16

▶