Intrusion Prevention

McAfee.Framework.ePolicy.Format.String

Description

This indicates a format string vulnerability in McAfee ePolicy Orchestrator.
McAfee ePolicy Orchestrator does not properly validate user controlled input. Specially crafted user supplied strings can allow a remote attacker to execute arbitrary code.

Affected Products

McAfee ePolicy Orchestrator 4.0 and prior.
McAfee Common Management Agent 3.6.0.574(patch 3) and prior.

Impact

System compromise

Recommended Actions

Apply the update from the vendor.
http://download.nai.com/products/patches/epo/cma/v3.6.0/CMA3603HF398370.Zip

CVE References

CVE-2008-1357