McAfee ePolicy Orchestrator SiteManager ExportSiteList buffer overflow
Added: 05/11/2007
CVE: CVE-2007-1498
BID: 22952
OSVDB: 33796
Background
ePolicy Orchestrator is a centralized security configuration and monitoring application. It includes the SiteManager ActiveX control which is implemented by sitemanager.dll.
Problem
A buffer overflow vulnerability in the SiteManager ActiveX control allows command execution when the ExportSiteList function is called with a long argument.
Resolution
Apply one of the patches referenced in McAfee Document ID 612495 or 612496.
References
http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0162.html
Limitations
Exploit works on McAfee ePolicy Orchestrator 3.6.1 (sitemanager.dll 3.6.1.166) on Windows 2000 SP4 and Windows XP SP1 and requires a user to load the exploit page into Internet Explorer.
Platforms
Windows 2000 SP4
Windows XP SP1