Signature Detail

HTTP: McAfee Manager CLSID Access

This signature detects attempts to exploit several security vulnerabilities against McAfee Subsrition Manager ClassID. Attackers can craft a malicious Web site, which if accessed by a victim, can add, remove, run any program on the victim's computer, or reboot the computer.

Extended Description

McAfee SecurityCenter is prone to a stack-based buffer-overflow vulnerability. This vulnerability requires a certain amount of user-interaction for an attack to occur, such as visiting a malicious website. A successful exploit would let a remote attacker execute code with the privileges of the currently logged in user. This issue is reported to affect versions 4.3 through 6.0.22. Please see the affected packages section for a list of McAfee consumer products that ship with vulnerable versions of the McAfee SecurityCenter.

Affected Products

• Mcafee antispyware 2005
• Mcafee antispyware 2006
• Mcafee internet_security_suite 2004
• Mcafee internet_security_suite 2005
• Mcafee internet_security_suite_2006
• Mcafee personal_firewall_plus 2004
• Mcafee personal_firewall_plus 2005
• Mcafee personal_firewall_plus 2006
• Mcafee privacy_service 2004
• Mcafee privacy_service 2005
• Mcafee privacy_service 2006
• Mcafee quickclean 2004
• Mcafee quickclean 2005
• Mcafee quickclean 2006
• Mcafee securitycenter 4.3
• Mcafee securitycenter 6.0
• Mcafee securitycenter 6.0.22
• Mcafee spamkiller 2004
• Mcafee spamkiller 2005
• Mcafee spamkiller 2006
• Mcafee virusscan 2004
• Mcafee virusscan 2005
• Mcafee virusscan 2006
• Mcafee wireless_home_network_security 2006

References

• BugTraq: 19265
• CVE: CVE-2006-3961
• URL: http://www.eeye.com/html/research/advisories/AD2006807.html
• URL: http://ts.mcafeehelp.com/faq3.asp?docid=407052