Signature Detail

Short Name	HTTP:STC:CLSID:ACTIVEX:EPO-SM
Severity	High
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	McAfee ePolicy Orchestrator SiteManager Exploit
Release Date	2007/03/21
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: McAfee ePolicy Orchestrator SiteManager Exploit

This signature detects attempts to exploit a known vulnerability against McAfee ePolicy Orchestrator SiteManager. An attacker can create malicious Web pages, which if visited by a victim, can lead to the attacker gaining control of the victim's client browser.

Extended Description

The SiteManager.DLL ActiveX control shipped with McAfee EPolicy Orchestrator is prone to multiple buffer-overflow vulnerabilities. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer. Various versions of McAfee EPolicy Orchestrator and ProtectionPilot are vulnerable to these issues.

Affected Products

McAfee ePolicy Orchestrator 3.5.0 patch 7
McAfee ePolicy Orchestrator 3.5 patch 6
McAfee ePolicy Orchestrator 3.6.0 patch 5
McAfee ePolicy Orchestrator 3.6.1
McAfee ProtectionPilot 1.1.1 patch 3
McAfee ProtectionPilot 1.5.0

References

BugTraq: 22952
CVE: CVE-2007-1498
URL: http://www.kb.cert.org/vuls/id/714593
URL: http://www.securiteam.com/windowsntfocus/5KP0F1FKUW.html
URL: http://www.securityfocus.com/bid/22952

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: McAfee ePolicy Orchestrator SiteManager Exploit

Extended Description

Affected Products

References