Intrusion Prevention

McAfee.McSubMgr.ActiveX.Buffer.Overflow

Description

This indicates an attack attempt against a buffer-overflow vulnerability in McAfee Security Center McSubMgr ActiveX control (mcsubmgr.dll) which is caused by improper bounds checking of an overly long parameter.
Successful exploitation could allow remote attacker to execute arbitrary code.

Affected Products

McAfee Wireless Home Network Security 2006
McAfee VirusScan 2006
McAfee VirusScan 2005
McAfee VirusScan 2004
McAfee SpamKiller 2006
McAfee SpamKiller 2005
McAfee SpamKiller 2004
McAfee SecurityCenter 6.0.22
McAfee SecurityCenter 6.0
McAfee SecurityCenter 4.3
McAfee QuickClean 2006
McAfee QuickClean 2005
McAfee QuickClean 2004
McAfee Privacy Service 2006
McAfee Privacy Service 2005
McAfee Privacy Service 2004
McAfee Personal Firewall Plus 2006
McAfee Personal Firewall Plus 2005
McAfee Personal Firewall Plus 2004
McAfee Internet Security Suite 2006 0
McAfee Internet Security Suite 2005
McAfee Internet Security Suite 2004
McAfee AntiSpyware 2006
McAfee AntiSpyware 2005

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Update SecurityCenter to SecurityCenter 6.0.23
http://ts.mcafeehelp.com/faq3.asp?docid=407052

CVE References

CVE-2006-3961