Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA25173] McAfee SecurityCenter Subscription Manager ActiveX Control Buffer Overflow



> 
> TITLE:
> McAfee SecurityCenter Subscription Manager ActiveX Control Buffer
> Overflow
> 
> SECUNIA ADVISORY ID:
> SA25173
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/25173/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> McAfee Wireless Home Network Security 2006
> http://secunia.com/product/11211/
> McAfee VirusScan Professional 8.x
> http://secunia.com/product/5273/
> McAfee VirusScan Plus 2007
> http://secunia.com/product/14170/
> McAfee VirusScan Enterprise 8.x
> http://secunia.com/product/3948/
> McAfee VirusScan 9.x/2005
> http://secunia.com/product/4792/
> McAfee VirusScan 8.x/2004
> http://secunia.com/product/4740/
> McAfee VirusScan 10.x/2006
> http://secunia.com/product/9052/
> McAfee Total Protection 2007
> http://secunia.com/product/14169/
> McAfee SpamKiller 7.x
> http://secunia.com/product/7790/
> McAfee SpamKiller 6.x
> http://secunia.com/product/14173/
> McAfee SpamKiller 5.x
> http://secunia.com/product/6438/
> McAfee SecurityCenter 7.x
> http://secunia.com/product/14177/
> McAfee SecurityCenter 6.x
> http://secunia.com/product/6437/
> McAfee QuickClean 6.x
> http://secunia.com/product/14176/
> McAfee QuickClean 5.x
> http://secunia.com/product/14175/
> McAfee QuickClean 4.x
> http://secunia.com/product/14174/
> McAfee Privacy Service 6.x
> http://secunia.com/product/6481/
> McAfee Personal Firewall Plus 7.x/2006
> http://secunia.com/product/267/
> McAfee PC Protection Plus 2007
> http://secunia.com/product/14171/
> McAfee Internet Security Suite 2007
> http://secunia.com/product/14168/
> McAfee Internet Security Suite 2006
> http://secunia.com/product/11210/
> McAfee Internet Security Suite 2005
> http://secunia.com/product/4930/
> McAfee AntiSpyware 6.x
> http://secunia.com/product/6439/
> McAfee SecurityCenter 4.x
> http://secunia.com/product/11219/
> 
> DESCRIPTION:
> A vulnerability has been reported in various McAfee products, which
> can be exploited by malicious people to compromise a user's system.
> 
> The vulnerability is caused due to an error within the SecurityCenter
> Subscription Manager ActiveX control (McSubMgr.dll) when handling the
> "IsOldAppInstalled()" method. This can be exploited to cause a buffer
> overflow via a specially crafted argument passed to the said method.
> 
> Successful exploitation allows execution of arbitrary code when a
> user visits a malicious website.
> 
> The vulnerability affects versions prior to 7.2.147 and 6.0.25.
> 
> SOLUTION:
> The fix has reportedly been available via automatic updates since
> March 22, 2007.
> 
> Update to Security Center version 7.2.147 and 6.0.25, or higher.
> http://us.mcafee.com/root/login.asp
> 
> Set the kill-bit for the affected ActiveX control.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Discovered by Peter Vreugdenhil and reported via iDefense Labs.
> 
> ORIGINAL ADVISORY:
> McAfee:
> http://ts.mcafeehelp.com/faq3.asp?docid=419189
> 
> iDefense Labs:
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=528
> 
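The kill-bit workaround from the SOLUTION section, as an added example that is not part of the advisory or of McAfee's own tooling. The advisory does not give the control's CLSID, so the script finds it by looking for COM registrations whose in-process server is McSubMgr.dll, which assumes the control is registered that way. The function name `Get-McSubMgrKillBit` is hypothetical.

```powershell
# Added example: audit (and optionally set) the Internet Explorer kill-bit for
# every CLSID whose InprocServer32 points at McSubMgr.dll.
$KillBit = 0x400            # "Compatibility Flags" bit that stops IE from instantiating a control
$DllName = 'McSubMgr.dll'   # control named in the advisory

# Native and 32-bit-on-64-bit registry views; a view that does not exist is skipped.
$Views = @(
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

function Get-McSubMgrKillBit {
    param([switch]$Apply)   # -Apply sets the kill-bit where it is missing (elevated shell required)
    foreach ($v in $Views) {
        if (-not (Test-Path -Path $v.Clsid)) { continue }
        foreach ($k in Get-ChildItem -Path $v.Clsid -ErrorAction SilentlyContinue) {
            $sub = $k.OpenSubKey('InprocServer32')
            if ($null -eq $sub) { continue }
            $dll = [string]$sub.GetValue('')    # default value = path of the COM server DLL
            $sub.Close()
            if ($dll -notmatch [regex]::Escape($DllName)) { continue }

            $clsid     = $k.PSChildName
            $compatKey = Join-Path $v.Compat $clsid
            $flags     = 0
            if (Test-Path -LiteralPath $compatKey) {
                $p = Get-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
                if ($p) { $flags = $p.'Compatibility Flags' }
            }
            $blocked = (($flags -band $KillBit) -ne 0)

            if ($Apply -and -not $blocked) {
                # Create the key only if absent so existing values are preserved.
                if (-not (Test-Path -LiteralPath $compatKey)) { New-Item -Path $compatKey -Force | Out-Null }
                New-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' -PropertyType DWord -Value ($flags -bor $KillBit) -Force | Out-Null
                $blocked = $true
            }
            [pscustomobject]@{ View = $v.Clsid; Clsid = $clsid; Dll = $dll; KillBitSet = $blocked }
        }
    }
}

Get-McSubMgrKillBit          # audit only; add -Apply to set the kill-bit
```

No output means no registration of McSubMgr.dll was found in either registry view. The kill-bit only blocks the control inside Internet Explorer, so updating SecurityCenter as the advisory describes is still needed.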