McAfee products vulnerable to code execution flaw

By SearchSecurity.com Staff 01 Aug 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Aliso Viejo, Calif.-based security firm eEye Digital Security Inc. has reported that a flaw in multiple consumer products from the Santa Clara, Calif.-based antivirus vendor could enable an attacker to execute arbitrary commands on vulnerable systems.

The affected products include McAfee Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus 7.x, McAfee VirusScan 10.x, McAfee Privacy Service 6.x, McAfee SpamKiller 7.x and McAfee AntiSpyware 6.x.

The flaw has been reported to McAfee and confirmed, eEye said. However, few details are available as a workaround has not yet been released.

Danish vulnerability clearinghouse Secunia posted a bulletin about the vulnerable products Tuesday morning, rating the issue "highly critical." eEye denoted the issue as a high severity problem.

This flaw is not related to the recent flaw in McAfee's ePolicy Orchestrator product that attackers could exploit to compromise machines and launch malicious code.

That problem, reported by eEye and addressed last week, involved the framework service component of McAfee Common Management Agent (CMA), which allows users to configure and enforce protection policies; deploy and configure agents; and monitor the security status of systems from a centralized console.

Tags: Application Attacks (Buffer Overflows, Cross-Site Scripting),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Application Attacks (Buffer Overflows, Cross-Site Scripting) Information security book excerpts and reviews Quiz: How to build secure applications Black box and white box testing: Which is best? Adobe warns of critical update for Reader, Acrobat 9.1.3 9 Ways to Improve Application Security After an Incident Developers Need Help with Security Errors Buffer overflow tutorial: How to find vulnerabilities, prevent attacks SQL injection protection: A guide on how to prevent and stop attacks Experts rebuke programmers who use SQL injection as feature SANS: Application threats, website flaws pose biggest security threats Application Attacks (Buffer Overflows, Cross-Site Scripting) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary buffer overflow  (SearchSecurity.com) cache poisoning  (SearchSecurity.com) cyberterrorism  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) directory harvest attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) ping of death  (SearchSecurity.com) stack smashing  (SearchSecurity.com) SYN flooding  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary