#dotdotheader_menu.html#
Mcafee Multiple Products Remote Code execution vulnerabilities
Author: Mati Aharoni
Date: 1 May 2006
-[ Product: Mcafee EPO 3.5 and Protectino Pilot-[ Version: 3.5.0 / 1.1.X
-[ OS: Windows
-[ Vendor: http://www.mcafee.com
Summary
The Mcafee HTTP server used in EPO 3.5 and Protection Pilot 1.1.X is vulnerable to a buffer overflow condition which can lead to remote code execution.
Problem
When sending a malformed HTTP request with a long "Source" header, the server crashes. The overflow allows direct control of the SEH. For proof of concept see:
http://metasploit.com/projects/Framework/modules/exploits/mcafee_epolicy_source.pm
For a more detailed analysis, click here
Patches
Vendor was notified and a patch was released.
#dotdotfree_projects_menu.html#