Critical Security Flaw in McaFee ViruScan Enterprise Edition Published

Discussion in 'other security issues & news' started by hawki, Dec 2, 2010.

Thread Status:
Not open for further replies.
  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    Security giant McAfee is investigating a publicly disclosed DLL preloading vulnerability in version 8.5i of its VirusScan Enterprise (VSE) product, which can lead to remote code execution.

    McAfee VirusScan Enterprise is the company’s endpoint antivirus product for corporate environments and is currently at version 8.7i Patch 4.

    In a knowledge base article published yesterday, McAfee revealed that it is investigating reports of a vulnerability in VSE 8.5i and earlier, which could allow remote attackers to execute arbitrary code in the context of the antivirus.

    The company described the flaw as a “DLL Side Load issue” and rated its impact as medium. The calculated CVSS base score is 5.7 out of 10.

    In contrast, vulnerability research company Secunia rates the issue as “highly critical” and calls it an “insecure library loading” flaw.

    http://news.softpedia.com/news/McAf...ution-Flaw-in-Enterprise-Scanner-170168.shtml
     
    hawki, Dec 2, 2010
    #1
  2. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I worry about McAfee. I'm just glad I don't use it any more. :eek:
     
    Daveski17, Dec 2, 2010
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...