Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:MCAFEE-FILE-NAME-OF |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
McAfee VirusScan On-Access Scanner Long Unicode Filename Handling Buffer Overflow |
Release Date |
2011/07/21 |
Update Number |
1959 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: McAfee VirusScan On-Access Scanner Long Unicode Filename Handling Buffer Overflow
This signature detects attempts to exploit a known vulnerability in McAfee VirusScan. It is due to a boundary error when processing overly long file names that contain Unicode characters. A remote attacker can exploit this vulnerability by placing a file with a specially crafted name on the target system and enticing the user to access the file. A successful attack can lead to arbitrary code execution.
Extended Description
McAfee VirusScan On-Access Scanner is prone to a filename-buffer-overflow vulnerability. The application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer with SYSTEM privileges. Failed exploit attempts may disable the On-Access Scanner component of McAfee VirusScan. McAfee VirusScan On-Access Scanner 8.0i Enterprise Patch 11 and earlier versions are vulnerable to this issue.
Affected Products
- Mcafee virusscan_enterprise 8.0.0 i
- Mcafee virusscan_enterprise 8.0.0 i patch 11
References
- BugTraq: 23543
- CVE: CVE-2007-2152