Signature Detail

HTTP: McAfee Manager CLSID Access

This signature detects attempts to exploit several security vulnerabilities against McAfee Subsrition Manager ClassID. Attackers can craft a malicious Web site, which if accessed by a victim, can add, remove, run any program on the victim's computer, or reboot the computer.

Extended Description

McAfee SecurityCenter is prone to a stack-based buffer-overflow vulnerability. This vulnerability requires a certain amount of user-interaction for an attack to occur, such as visiting a malicious website. A successful exploit would let a remote attacker execute code with the privileges of the currently logged in user. This issue is reported to affect versions 4.3 through 6.0.22. Please see the affected packages section for a list of McAfee consumer products that ship with vulnerable versions of the McAfee SecurityCenter.

Affected Products

• McAfee AntiSpyware 2005
• McAfee AntiSpyware 2006
• McAfee Internet Security Suite 2004
• McAfee Internet Security Suite 2005
• McAfee Internet Security Suite 2006
• McAfee Personal Firewall Plus 2004
• McAfee Personal Firewall Plus 2005
• McAfee Personal Firewall Plus 2006
• McAfee Privacy Service 2004
• McAfee Privacy Service 2005
• McAfee Privacy Service 2006
• McAfee QuickClean 2004
• McAfee QuickClean 2005
• McAfee QuickClean 2006
• McAfee SecurityCenter 4.3
• McAfee SecurityCenter 6.0
• McAfee SecurityCenter 6.0.22
• McAfee SpamKiller 2004
• McAfee SpamKiller 2005
• McAfee SpamKiller 2006
• McAfee VirusScan 2004
• McAfee VirusScan 2005
• McAfee VirusScan 2006
• McAfee Wireless Home Network Security 2006

References

• BugTraq: 19265
• CVE: CVE-2006-3961
• URL: http://www.eeye.com/html/research/advisories/AD2006807.html
• URL: http://ts.mcafeehelp.com/faq3.asp?docid=407052