McAfee products vulnerable to code execution flaw

By SearchSecurity.com Staff 08 Aug 2006 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Aliso Viejo, Calif.-based security firm eEye Digital Security Inc. has reported that a flaw in multiple consumer products from the Santa Clara, Calif.-based antivirus vendor could enable an attacker to execute arbitrary commands on vulnerable systems.

The affected products include McAfee Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus 7.x, McAfee VirusScan 10.x, McAfee Privacy Service 6.x, McAfee SpamKiller 7.x and McAfee AntiSpyware 6.x.

The flaw has been reported to McAfee and confirmed, eEye said. However, few details are available as a workaround has not yet been released.

Danish vulnerability clearinghouse Secunia posted a bulletin about the vulnerable products Tuesday morning, rating the issue "highly critical." eEye denoted the issue as a high severity problem.

This flaw is not related to the recent flaw in McAfee's ePolicy Orchestrator product that attackers could exploit to compromise machines and launch malicious code.

That problem, reported by eEye and addressed last week, involved the framework service component of McAfee Common Management Agent (CMA), which allows users to configure and enforce protection policies; deploy and configure agents; and monitor the security status of systems from a centralized console.

This article originally appeared on SearchSecurity.com.

Tags: Spam and virus protection,  ISA Server and Firewalls for Microsoft Exchange Server,  Product,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Spam and virus protection Controlling spam in Exchange 2007 at the edge transport server level How file-level antivirus software can harm your Exchange Server Problems with email spoofing on SBS 2003 Exchange Insider e-zine Securing your Exchange Server 2007 journaling archives Troubleshooting Outlook Web Access issues on a 64-bit system Microsoft Exchange Server security dos and don'ts Troubleshooting Microsoft Exchange Server Event ID error 6009 How effective is tracking the IP address of an email hacker? How can I configure Exchange IMF to allow an IP address or DNS? Spam and virus protection Research ISA Server and Firewalls for Microsoft Exchange Server Top 5 Exchange mobile tips of 2008 Microsoft Exchange Server security dos and don'ts Windows SBS and Exchange Server security configuration best practices Why Exchange ActiveSync fails with NAT firewalls Deploying ISA Server as a firewall for Exchange Server mobile devices Adjust your firewall to avoid Exchange 2007 Direct Push failures OWA stops working from external network connection Enhance OWA logon security using Microsoft ISA Server Firewall problems with Exchange Server 2007 email attachments How and why to disable certain ESMTP verbs Product Microsoft reverses support plan for Exchange 2007 on Windows Server 2008 R2 Exchange Server 2007 SP2 adds auditing, backup Avoid these Exchange Server migration pitfalls Microsoft readies Exchange Server 2010 release candidate Microsoft updates Exchange Server 2007 SP1 Microsoft fortifies Exchange Server with archiving Microsoft shifts some Exchange support to callback New Exchange Server tools named as Products of the Year New tools fight fraud and phishing BlackBerry vs. the world

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary greylist  (SearchExchange.com) hash buster  (SearchExchange.com) image spam  (SearchExchange.com) KnujOn  (SearchExchange.com) Sender ID  (SearchExchange.com) spam confidence level  (SearchExchange.com) spamblock  (SearchExchange.com) spim  (SearchExchange.com) tarpitting  (SearchExchange.com) teergrube  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary