McAfee ePolicy Orchestrator SiteManager ActiveX buffer overflow

Added: 03/22/2007
CVE: CVE-2007-1498
BID: 22952
OSVDB: 33796

Background

ePolicy Orchestrator is a centralized security configuration and monitoring application. It includes the SiteManager ActiveX control which is implemented by sitemanager.dll.

Problem

A buffer overflow vulnerability in the SiteManager ActiveX control allows command execution when the VerifyPackageCatalog function is called with a long argument.

Resolution

Apply one of the patches referenced in McAfee Document ID 612495 or 612496.

References

http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0162.html

Limitations

Exploit works on McAfee ePolicy Orchestrator 3.6.1 with sitemanager.dll version 3.6.1.166.

A user must load the exploit page into Internet Explorer in order for the exploit to succeed.

Platforms

Windows 2000
Windows XP

Back to exploit index