McAfee products vulnerable to code execution flaw


McAfee products vulnerable to code execution flaw Staff
According to a  report from security firm eEye Digital Security, several products from antivirus vendor McAfee  are vulnerable to a remote code execution flaw that could enable an attacker to execute arbitrary commands on vulnerable systems.

The affected products include McAfee Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus 7.x, McAfee VirusScan 10.x, McAfee Privacy Service 6.x, McAfee SpamKiller 7.x and McAfee AntiSpyware 6.x.

The flaw has been reported to McAfee and confirmed, eEye said. However, few details are available as a workaround has not yet been released.

Danish vulnerability clearinghouse Secunia posted a bulletin about the vulnerable products on 1 August morning, rating the issue "highly critical." eEye denoted the issue as a high severity problem.

This flaw is not related to the recent flaw in McAfee's ePolicy Orchestrator product that attackers could exploit to compromise machines and launch malicious code.

That problem, reported by eEye and addressed last week, involved the framework service component of McAfee Common Management Agent (CMA), which allows users to configure and enforce protection policies; deploy and configure agents; and monitor the security status of systems from a centralised console.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy